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(&a) SYSTEM FOR DELIVERING PROGRAM TO STORAGE MODULE OF MOBILE TERMINAL 



(57) A UiM i 2 hf:viric; a plurality/ ot storage areas is 
buiit into or mounted m a mobile terminal H A contents 
server 19. L-pon receipt cf a distribution request from the 
mobile terminal 11. distributes a program or data used 



af the time of program execution or the program itself 
through a network including a radio network. This pro- 
gram and the data or the program iiseil are stored in the 
storage area of the UIM 12 and not through the comrol 
unit of the mobile terminal 11. 
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Description 

TECHNICAL FIELD 

[0Q01] The present invention reiatestcatechniquefor 
distributing a program (application or applet) to a stor- 
age module built or rnounted in a mobile terminal. 

BACKGROUND ART 

[0002] In recent yssars. a mobile terminal has been de- 
veloped which has a program executing environment. 
An example of a mobile terminal oi this type is one which 
has a Java virtual machine. The user installs a program 
in tne mobile terminal and thus can add a desired func- 
tion to the mobile terminal. 

[0003) However, tven if desirable functions are added 
to a mobile terminal, a user is liable to become tired of 
using the same mobile terminal after a protracted peri- 
o;i. On the other liana, the mobile terminal industry suf- 
fers fierce competition and various new products, attrac- 
tive to users, have been successively placed on the mar- 
ket. A user may want to change his mobile terminal with 
a new desirable product placed on the market Once the 
mobiis terminal is replaced, however, the functions lhat 
have hitherto been added to the old mobile terminal can- 
not be used any longer. If the same functions are to be 
used oven after thecsange of a mobile terminal, tne pro- 
grams that have been Installed in iheold mobile terminal 
have tc oe installed in the new mobile terminal. This is 
a troublesome job. 

DISCLOSURE OP THE INVENTION 

[Q004| This invention has been achieved in view of the 
situation described above, and the object thereof is to 
provide a system in which even after a mobile terminal 
is changed, the programs that could be used before the 
change of the mobilstenminai. can be continuously used 
after the change. 

[0005] In ord'jr to achieve this object, the present in- 
ventors have taKen notice of a certain type of a mobile 
terminal, thai is to say, a mobile terminal capable of be- 
ing mounted or having fitted therein a module for storing 
the subscriber information including the subscriber 
number and the memory dial information (hereinafter re- 
ferred to as the user 10 module or UIM). The use- ol this 
type of the mobile terminal, whenever desirous of 
changing it with a new mobile terminal, can use the new 
mobile u.-nntnal in Similar manner simply by mounting or 
building into the new mobile terminal the UIM which he 
may have. In connection with this, the present inventors 
have come up with the following idea Specifically, once 
a program is storeci in this UIM. the program used with 
the old mobile terminal can be easily transferred to the 
new mobile terminal for an improved operating conven- 
ience of the user. 

[0006] Nevertheless, the problem of security has 



been an obstacle to realizing such a novel mobile ter- 
minal. 

[0007] First, as long as no limit is set on the operation 
o? writing a program in the UIM trie inherent functions 
5 of the mobile terminal may be undesirably destroyed in- 
tentionally or negligently, 

[0008] Also, the subscriber Information stored in the 
UIM may include the personal information cr data hav- 
ing monetary value. From the viewpoint of security, 
*o therefore, careful consideration is necessary not io 
cause the leakage of 'his information m writing a pro- 
grams in the UIM. 

[00CS] In order to solve this security problem and Im- 
prove the operating convenience for the user, according 

'5 to the present invention, there is provided a program dis- 
tribution system comprising a mobile terminal having 
means for transmitting a program distribution request, 
a storage module built in or connected to the mobile ter- 
minal, a contents server for receiving the distribution re- 

20 quest and transmitting a program to be distributed and 
a distribution management server for receiving tne pro- 
gram from the contents server and, as long as the con- 
tents server is authorized, transmitting tne program re- 
ceived from the contents server tc the storage module 

2i> built in or connected to the mobile terminal, character- 
ized in that the storage module includes a storage unit, 
and a control unit for storing in the storage unit the pro- 
gram received from the distribution management server 
through the mobile terminal and executing the program 

30 stored in the storage unit in response to a request. 
[0010) Also, according to the present invention, there 
is provided a program distribution system comprising a 
mobile terminal having means for transmitting a pro- 
gram distribution request, a storage module bulil in or 

35 connected to the mobile terminal, and a disfribution 
management server for receiving the distribution re- 
quest: and in the case where the program to be distrib- 
uted is provided by the authorized contents server ac- 
quiring and transmitting the program to the storage mod- 

•ic ule built in or connected to the mobile terminal, charac- 
terized in that the storage module includes & storage 
unit, and a contra! unit for receiving the information 
through the mobile terminal: storing the information m 
the storage unit only in the case where the information 

4 $ is the program received from the distribution manage- 
ment server and executing the program stored In the 
storage unit in response to a request. 
[0011] With these systems, only a program supplied 
through the distribution management server from an au- 
thonzed contents server is written in the storage module 
and therefore, the user can write a new program in the 
storage module with guaranteed security. 

BRiET DESCRIPTION OF THE DRAWINGS 

55 

[0012] 

Fig 1 is a block diagram showing a configuration of 
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a program distribution system according to a first 
embodiment of ;ne invention. 
Fig. 2 shows in* external appearance o' a mobile 
termma; acco'csing to the same embodimeriT. 
Fig. 3 is a block diagram showing a configuration of 5 
the same msbils terminal. 
Fig. 4 is; a diagram showing a configuration of the 
same mobile terminal ana the UIM DUilt in or con- 
nected to ii. 

Fig 5 is a sequ&nce diagram showing the process to 
from program distribution to activation according to 
the same embedment. 

Fig. 6 it a sequence diagram shewing the program 
distribution operation according to the same em- 
bodiment. 19 
Fig 7 is a diagram showing a display screen or the 
mobile terminal at the time or program distribution. 
Fig 8 is a sequence diagram showing the program 
activation operation according to the same embod- 
iment, 20 
Fig. 9 is a sequence diagram showing the process- 
es of the program deactivation in compliance with 
a request from t«e consents server according to the 
same embodiment. 

Fig. 10 is a secuence diagram showing -he process 
of the program delete operation in compliance with 
a request from the contents server according to the 

same embodiment. 

Fig 11 is a sequence diagram shewing the process 
of the program deactivate operation and the pre- 30 
aram delete operation in compliance with a request 
from the distribution management server according 
to the same embodiment. 
Fig. 1 2 is a sequence diagram of the UIM exchang- 
ing the version information according to the same 35 
embodiment . 

Fig 1 3 is a sequence diagram showing the process 
ending In a program distribution failure due to a 
memory shortage. 

Fig. 1 A is a sequence diagram showing the process *o 
ending in a program distribution failure due to a 
memory error. 

Fig. 1 5 Is a diagram showing a display screen pro- 
vided to the user at the time of program deletion 
Fig. 1 6 is a diagram showing a display screen pro- « 
vlded to the us.er at the time of account settlement 
'or an electronic commercial transaction. 
Fig, 1 7 is a diagram showing a display screen pro- 
vided to th<j user at the time of commodity purchase 
in male order sale 50 
Fig, 1 8 is a diagram showing a display screen (or 
setting the automatic program start. 
Figs. 19 and 20 ate diagrams showing a display 
screen at the Hme of using a commutation pass. 
Fig. 21 is a biooK diagram showing a configuration 55 
of a program distribution system according to a sec- 
ond embodiment of the invention. 
Fig. 22 is a diagram showing a configuration of a 



memory in the UIM according to the same embod- 
iment. 

Fig. 23 is a block diagram shewing a configuration 
of a distribution management server 1 6A according 
to the same embodiment. 
Fig. 24 is a sequence diagram showing tne process 
for registration in a user information storage unit. 
Figs. 25 and 26 are sequence diagrams showing 
the operation of registering a program registered m 
the user information storage unit, in any of the basic 
biocks of the UIM 12. 

Figs. 27 and 23 are sequence diagrams showing 
the operation of registering a program registered in 
the user information storage unit , in any of the basic 
Diocfcs of the UtM. 

Fig. 29 is a sequence diagram showing the opera- 
tion of deleting a program registered in the user in- 
formation storage unit 5 1 . 

Fig. 30 is a sequence diagram showing the opera- 
tion of deleting a program registered in the basic 
blocks of the UIM. 

Fig 3i is a sequence diagram showing the deacti- 
vation process for the user information storage unit. 
Fig. 32 is a sequence diagram showing the deacti- 
vation process for the basic blocks. 

BEST MODE FOR CARRYING OUT THE INVENT! ON 

[0013] Now. preferred embodiments of the invention 
will be explained with reference to the drawings. 

[1] First embodiment 

[1.1] General configuration of program distribution 
system 

[0014] Fig. 1 is a block diagram showing a configura- 
tion of a program distribution system according to a first 
embodiment of the invention 

[0015] A program distribution syslem 10 roughly com- 
prises a mobile terminal 11 , a radio base station 13, a 
switching station 14, a network mobiie communication 
service control urA 15, a distribution management serv- 
er 1 6. a distribution service control unit 1 7, an authenti- 
cation server 1 B. a contents server 1 9 and a public net- 
work 20. 

[00t6j Tne mobile terminal 11 is an information 
processing unit, for example, having communication 
functions such as a portable telephone or a PHS iPer- 
sonal Handyphcne System (registered trade name)) 
Further, the mobiie terminal 11 has mounted or built 
therein a UIM (User Identificstion Module) 12 capable 
of storing various programs cr data 
[0017] The radio base station 1 3 communicates with 
the mobile terminal 11 through a radio link. 
[001 S] The switching station 1 A controls the switching 
operation between the mobile terminal 11 and a com- 
mon channel interoffice signal network 20 constituting a 
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■Aire network, conn-sated to each other through the radio 
base station 13. 

j/0019] The network mo»:fc communication service 
control unit 15 controls She communication in the case 
where a program is distributed io the mobile terminal 11 
through the public network 20. 
[0020] The contents server 1 S distributes various con- 
tents on ths one hand and distributes a program as re- 
quested from She mob^e terminal 11 on the other, 
[0021] The distribution management server 1 6 relays 
and manages the distribution of a program from the con- 
tents server 1 9 to the UIM 12. The distribution of a pro- 
gram to the UIM 12 and access to a program stored in 
the UIM 12 are carried out always througn the distribu- 
tion management server "6. This is the most significant 
feature of this embodiment. 

[0022] The distribution service contra: unit 17 oper- 
ates tike an interface between the distribution manage- 
ment server 16 and the; public network 20 in the case 
where a program is distributed through the pubile net- 
work .20. 

[0023] The authentication server 1 8 is a device for is- 
suing a certificate required for program distribution to 
the contents server 19. This certificate includes a UIM 
public key having ths function of explaining, for the ben- 
efit of the UIM 12, tnat the contents server 19 is duly 
authorized to distribute a program to the UIM 12, and a 
distribution management server public key having the 
function of certifying, for the benefit of the distribution 
management server 16, that the contents server 19 is 
similarly authorised. 

[0024] The content?, server 19. the distribution man- 
agement server 16 -and the authentication server 1 8 ac- 
cording to this embodiment have the foliow=ng functions. 

respectively. 

(a) According to this embodiment, the contents 
server 1 9 sends a program addressed to the U 
12. to ths distribution management server 1 6, which 
in turn distributes the program to the UIM 12. Ths 
contents server 1 9 never distributes the program di- 
rectly io. the UlfVt 12. 

(b) The contents server 19 distributes a program to 
tne UIM 1 2 by encrypt; comrr>ur>8S«scn of a public- 
key type with the distrioution management server 
16 as an intermediary The UIM 12 of each user Is 
equipped with a PKI (public key infrastructure), and 
eacn UIM 12 tvns. a UiM private key unique to the 
particuiar UIM *2. For distributing a program ad- 
dressed tc a given UiM 12 the contents server 19 
acquires a UIM public key paired with a UIM private 
key for tne part icular UiM 12. whereby the program 
is encrypted. 

(c) According to this invention, only an authorized 
contents server 19 can distribute a program ad- 
dressed to the UIW 12 The authorized contents 
server *9 is assigned a distribution management 
server public: key. The contents server 1 9, upon re- 



ceipt of a distribution request from tne mobile ler- 
rnmai 11 , further encrypts, by the distribution man- 
agement server public key. the program already en- 
crypted by the UIM public key and addressed to the 
s UIM 12 : and sends it to the distribution manage- 
ment server 16, 

fl .2] Configuration of mobile terminal 

io [0025] Fig. 2 shows the externa! appearance of ths 
mobile terminal 11. The mobile terminal 11 includes a 
dispiay section 21 and an operating section 22 
[0026] As shown in Fig. 2, various processing menu 
items, tne screen being browsed, the telephone number 

is screen, etc. are displayed on the display section 21 . 
[0027] The operating section 22 has a plurality of op- 
erating buttons for inputting various data and displaying 
menu item screens. One of the operating buttons of the 
operating unit 22 is a UiM button 23. The UIM button 23 
is operated by the user for utilising a program stored in 
the UIM 12, 

[0028] Fig. 3 is a biock diagram showing a configura- 
tion of a mobile terminal, 

[0029] The mobile terminal 11 includes a display scc- 

25 tion 21 . an operating section 22, a control unh 31 . a stor- 
age unit 32. an externa! equipment interface (l/F) unit 
33, a communication unit 34, a UIM interface (l/F) unit 
35 and an voice input/output unit 36. 
[0030] The control unit 31 controls the various parts 

30 of the mobile terminal 11 based on the control data arid 
the control program stored in the storage unit 32. 
[0031] The storage unit 32 is configured of a ROM. a 
RAM, etc., and has a plurality of storage areas including 
a program storage area for storing various programs 

55 such as a browser for accessing an internet and a data 
storage area for storing various data. 
[0032] The external equipment l/F unit 33 is an inter- 
face utilized by the control unit 31 and the UIM 12 for 
exchanging information with an external device. 

•to [0033] The communication unit 34 transmits varsous 
data including audio and text messages to the radio 
base station 13 through the antenna 34A under the con- 
trol of the control unit 31 on the one hand, and recedes 
various data sent to the mobile terminal 1 1 through the 

•*s antenna 34A on the other hand 

[0034] The UIM l/F unit 35 inputs/outputs data from 
and to the control unit 31 . The UiM l/F unit 35 aiso out- 
puts ths output data from the communication unit 34 or 
the external equipment l/F unit 33 to the UIM 12 without 

so the Intermediation of the control unir 31 Also, the output 
data of the UIM 12 is output directly to the externa! 
equipment l/F unit 33 or the communication unit 34 di- 
rectly without the Intermediation of the control unrt 31 . 
The reason why the data are input/output from and to 

ps the external equipment l/F 33 or the communication, unit 
34 without the intermediation of the control unit 31 is m 
order to prevent an illegal access to the data on the UIM 
1 2 by the alteration of the control program of the centre! 
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iinst 31 and thus so maintain security 

[1 .3j Configuration o? -UIM 

[G035] Fie,. 4 shows a configuration of the UIM 12. in 
PI:}. 4. a part o? the component elements of trie mobile 
terminal 11 are shown together with the component el- 
ements of the UIM 12 to clarify the relation with the mo- 
bib terminal 11. As shown in Fig 4. the UIM 12 includes 
a memory 12M, which in turn, roughly, has a system ar- 
ea 1 2A anc an application area 1 2B. 
[0036] The system area 12A has stored therein per- 
scnal information data unique to each user such as sub- 
scriber nun&sr data outgoing call history information 
data, incoming cart history information data, speech lime 
information data and a UIM private key. The mobile ter- 
minal 11 communicates with ether communication units 
using the subscriber number data in the system area 
12A as a calling iine identity. 

[0037J The eppi*3t!on area 1 2B is for storing the pro- 
gram distributed ana the data used at the time of exe- 
cution of the program, and divided into a piuraiity of ba- 
sic blocks. In the case shown in Fig. 4. the application 
area 12B is divided into six basic blocks 40-1 to 4C-6. 
£0038] The basic blocks 40-1 to 40-6 each include a 
program area 41 and a data area 42. The program area 

41 of each aasic. block 40-k has stored tnerein a program 
{an application or ar> applet). The data area 42 of each 
basic: block 40-k. on the otner hand, has stored therein 
the data used si the time of executing the program in 
the program area 41 of. the same baste biock 40-k. 
[0039] The basic blocks 40-1 to 40-6 are independent 
of each other, and are basically so managed that the 
application or the applet stored in the program area 41 
of a given basic block 40-] cannot access the data area 

42 of another basic block 40-k (* j) By employing this 
configuration, trse security of each program is ma'tn- 
ta-ned. Even in trie case where data having a monetary 
value (what is called ,: a value"} are recorded in the data 
area 42 of a given basic block 40-j : therefore, the par- 
ticular data is never rewritten, intentionally or incidental- 
ly, by a program stored in another basic block 40-k (* j). 
[G040] The application or the applet constituting a pro - 
a ram stored in she program area 4" . on the other hand, 
cannot be distributed or deleted without l he intermediary 
of the distribution management server 1 6. The data area 
42. however, can be operated directly through the dis- 
tribution management server 16 or a local terminal as 
in the case where the electronic money is downloaded 
from an ATM. 

[0041] Further, tie application area "£ has a storage 
area for an activate Stag Indicating whether the pro- 
gram in the program area 41 0 f each of the basic blocks 
40-1 to 40-6 can be executed or not. 
[0042] The control unit 30 is a means for writing a pro- 
gram forthe basic aicck of the application area 12B -set- 
ling or resetting she activation flag corresponding to 
each basic biock cr executing a program in a designated 



Basic block, in response to a request given through the 
mobile terminal 11 . Upon arrival of a program encrypted 
by the UIM public key from the distribution management 
sewer 1 6, the control unit 30 decrypts the program using 

5 the UIM private key in the system area 1 2 and writes it 
in a basic block. Also, the control unit 30 can execute 
the program in the basic block. In the process, the infor- 
mation required by the program in execution is acquired 
from the other party of tne communication in the network 

to or from the user of the mobile terminal 11 through the 
browser executed by the mobile terminal 11 The control 
unit 30 can aiso send the result of program execution to 
the other party o) communication in the network or ser e 
it to the user of the mobile terminal 11 through the brows- 

55 cr. Also, the control unit 30 car exchange information 
with external devices through the hardware resources 
of the mobile terminal 11 without the intermediary of the 
browser in accordance with the program in the basic 
block. An example of a program available for this pur- 

20 p 0& t> iS gn application program for causing the mobile 
terminal 11 to function as a commutation pass. In exe- 
cuting this program, the control unit 30 can exchange 
the pass information with the card reader/writer at the 
gates of a raliway station utilizing a short-range ?ad;o 

25 unit (not shown) connected to the external equipment 1/ 
F of the mobile terminal 30 The program for the control 
unit 30 to perform the various processes described 
above, including the execution and control of the pro- 
gram in the application area is stored in the system area 

30. 12A. 

fi .4] Operation of first embodiment 

[0043] Now, the operation of the first embodiment will 
as be explained taking the distribution of the commutation 
pass applet as an example. 

[0044] Fig. 5 is a sequence diagram showing the proc- 
ess of program distribution, write operation and activa- 
tion. 

-to [0045] As shown in Fig. 5, these series of processes 
are roughly configured of the step of distributing an in- 
active program (applet) as a memory module to the U;M 
12 and writing it in the UIM 12 (step 51), and an activa- 
tion step for activating the program written (step S2). 

45 

(i .4 1 ; Issue of certificate to distribution management 
server 

[0046] Fig. 6 is a sequence diagram showing the p-oc- 
50 ess of distributing a program and writing it in the JIM 
12 As shown m Fig. 6 the authentication server 1? is- 
sues a certificate to the contents server 19 permitted to 
distribute the program addressed to the UIM 12 ;.step 
S11). The certificate is issued to enable the cements 
55 setver 1 9 and the distribution management server 1 6 to 
perform the encryption communication based on the 
public key encryption rneihod. Specifically; in order to 
make possible the encryption communication using a 
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public key. a distribution management server private key 
and a distribution management server puoiic key, con- 
stituting a pair, are generated The distribution manage- 
ment server private Key ;s stored m the distribution man- 
agement server "5 6. while the distribution management 
server publfc key is transmitted (rom the authentication 
server 1 8 to the contents server 1 9 as a certificate iden- 
tifying a person permitted to distribute a program. The 
contents server 1 9, uoon receipt of the distribution man- 
agement server public key, stores it in preparation for 
program distribution. 

1 1 .4.2) Program distribution request 

[0047] The user can cause the control unit 31 to exe- 
cute the browser and thus can access the home page 
of the contents provide; by operating the operating sec- 
tion 22 of the moDiie terminal 11 . As a result of this ac- 
cess, a distribution menu screen D1 indicating the pro- 
gram distribution performed by t;-e contents server 19 
of the contents p-ovider is displayed, as shown in Fig. 
7. on the display section 21 of the mobile seminal 11. 
Under this condition, tne user transmits a program (ap- 
plet) distribution request from the mobile terminal 11 
through the network to she contents server 19 by oper- 
ating the operating section 22 of the mobile terminal 1 1 
(step S12). 

[1 4 3) Certificate issue request to UIM 

[0048] The contents server 19 upon receipt oi a dis- 
tribution reques! from the mobile terminal 11, sends a 
certificate issue request to the authentication server 18 
(step S12). This certificate issue request contains the 
information for specifying the UIM 12 of the mobile ter- 
minal 11. The certificate issue is requested m order to 
enable the contents server 1 9 to conduct the encryption 
communication of public key type wth the UIM 12. More 
specifically, in order to make possible the encryption 
communication of pus lie key type, the UIM private key 
and the UiM public key paired with the former are gen- 
erated in advance, and the UIM private key Is stored in 
the UIM 12 in advance : while the UIM public key is 
stored in the authentication server i s in advance. In step 
S12, the UiM public key stored in the authentication 
server 1 & is requested as a certificate ot a person per- 
mitted lo distribute h program addressed to the UIM 1 2. 

[i 4.4] Issue of certificate and distribution of program 
with certificate to UiM 

[0049] The authentication server 18, upon receipt ot 
a certificate issue request from the contents server 19, 
issues to the contends server 19 a UIM public key as a 
certificate corresponding to the UiM 12 specified by the 
particular issue request (step S14). 
[0050] The contents server 1 9 encrypts the program 
of which distribution is requested, by use of the UIM pub- 



lic key corresponding to the UIM 12. The program ob- 
tained by the encryption is considered a program with a 
certificate for a legitimate person authorized to access 

the UIM 12. 

s f0051] Then, the program encrypted by she UiM putMic 
key is further encrypted by the contents server 1 9 using 
the distribution management server public key received 
from the authentication server 18 in advance. The pro- 
gram obtained by this encryption can be considered a 

1 o program having attached thereto both a certificate 
showing a legitimate person authorized to access jfe 
UIM 12 and a certificate showing a legitimate person au- 
thorized to distribute a program through the distribution 
management server 16. 

?5 

;1 .4.6] Program distribution 

[0052] The contents server 1 9 distributes the program 
obtained by the aforementioned two encryption sss- 
20 sions. to the distribution management server 1 6 thr ough 
the network:. (step ST5), 

[0053] The distribution management server 16 de- 
crypts the encrypted program distributed from the con- 
tents server 19, using the distribution management 

2s server private key. Once this decryption succeeds, the 
program encrypted only by the UIM public key can se 
obtained. In this case, tne contents server 19 can see 
considered a legitimate person authorized to distribute 
a program addressed to the UIM 12. The distribution 

30 management server 1 6 transmits the data on the screen 
02 snown m Fig. 7 to the mobile terminai 11 , and causes 
the data to be displayed on the display section 21 . This 
screen D2 is for making an inquiry at the user as to 
whether the program can be distributed or not. 

35 

n 4 6) Writing m UIM 

[0054] After the user confirms the screen D2 and per- 
forms the operation through the operating section 22 for 
40 permitting the program disiribulion, a notice to permit 
distribution is sen* to the distribution management serv- 
er 1 6. The distribution management server 1 6, upon re- 
ceipt of the notice, distributes to the UIM 12 the program 
obtained by decryption, i.e. the program encrypted by 
the UIM public key (step S16). 
[0055] This encrypted program is delivered as it is to 
the control unit 30 of the UIM 12 through the mobile ter- 
minai 1 1 . Specifically, the mobile terminal 1 1 simply pro- 
vides the UIM 12 with the communication function. This 
so operation by the mobiie terminai 11 guarantees the se- 
cure transmission to and the secure write operation into 
the UIM 12. 

[0056] If the distribution management server 16 :s So 
send a program to the UIM 12 in the aforementioned 
ss manner, it is necessary for the distribution management 
server 16 to establish s link with the UIM 12. This in turn 
requires ihe acquisition of the telephone number oi the 
mobile terminal 11 with the UiM 12 connected thereto 
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or built therein. 

[0057] In one conceivable method to achieve this, at 
trie t=^ne of issuing a distribution request from the mobile 
terminal 11 to the contents server 19. the telephone 
number of the mobUs terminal 1 1 is caused to be trans- 
mitted to the contents server 1 9 which sends this isle- 
phone number to ire distribution management server 
16 In this way, tns distribution management server 16 
can access, the motile terminal 11 using the telephone 
number sent to it, and thus can distribute the program 
addressed to the .<J'M vk. 

[0058] Another available method is described below. 
Specifically, in advance of issuing a distribution request 
from the mobile terminal 11 to the contents server 19, 
an identifier ;s determined between the mobile terminal 
1i and the distribution management server 16 in place 
of the telephone number of the mobile terminal 11. so 
that the distribution management server 16 stores the 
telephone number and ihe identifier as information cor- 
responding to eacn other. The mobile terminai 11 sends 
a distribution request containing tne identifier to 1 he con- 
tents server 1 s, wntch in turn attaches the identifier to a 
program when sensing the program to the distribution 
management server 16. The distribution management 
server 16 determ-nes the telephone number of the mo- 
bile terminal 11 irom -he identifier, and based on this tel- 
ephone number. ea«sthe mobile terminal 11 and distrib- 
utes the program addressed to the UIM 1 2. This method 
has the advantage that the need is eliminated o? notify- 
ing the telephone number of the mobile terminal 11 to 
the contents server 19. 

£0059] The control unit 30 of tne UIM 1 2, upon receipt 
of a program encrypted by the UIM public key in the 
manner described -above, decrypts the program using a 
UIM private key paired with the particular UIM public 
key. Once this decryption ends in success, a program 
is obtained in trie form of an ordinary text not encrypted. 
In this case, the contents server 19 making up the origin 
is considered a person duly authorized to distribute a 
program to the UIM 12. The UIM! 12 writes the program 
obtained by decryption. In the appropriate one of the ba- 
sic blocks 40-1 to 4G-6 of the memory. 
[0080] During this write operation, the screen D3 
shown in Fig. 7 is displayed by the mobile terminal 11 . 

[1 4 7] Write completion response 

[0061] At the end ot the program write operation, the 
control unit 30 of the UIM 12 transmits a write completion 
notice to the distribution management server 1 6 togeth- 
er with the information specifying the basic biock having 
the particular program written therein (stop SI 7) 
[0062] In the process, the screen D4 Indicating tiiat 
the write operation is complete {'he registration is over) 
is displayed, as shown in Fig. 7. on the display section 
21 of the mobile terminal 11 After that, the screen is 
again turned to Di by the user operation. 



f 1 .4.8] Distribution completion notice 

[0063] The distribution management server upon re- 
ceipt of a program write completion notice from the UIM 

5 12. registers the information specifying the written pro- 
gram in a data base as information corresponding to the 
information indicating she basic block of the UIM 12 m 
which the particular program is written. 
[0064] 3y accessing to the data base, the distribution 

io management server 18 can easily grasp the program 
stored in each of all the basic blocks 40-1 to 40-6 of the 
UIM 12. 

[0065] The distribution management server 16, upon 
distribution of a program into the UIM 12. starts ihe 

is charge process against the contents provider ot the con- 
tents server 19 from which the program is distributed. 
The timing of starting the charge process is not limited 
to this, but may be coincident with the timing of activation 
described later. 

so [0066] The contents provider are char get! against the 
following items. 

(a) Rental charge for basic blocks in UIM 12 

?=> [0067] Upon distribution of a program from the con- 
tents server 19 to the UirV 12, the particular program is 
stored in one of ihe basic blocks 40-1 to 40-6 in the UIM 
12. The particular basic block can be considered to be 
rented to the contems provider owning the contents 

30 server 1 9 for storing the program. Thus, a charge cor- 
responding to ihe rentai period, i.e. the period during 
which the program is stored in the basic biock is made 
against the contents provider as a rentai charge. 

35 (b) Transaction fee 

[0068] The program transmitted from the contents 
server 1 9 is distributed to the UIM 12 through the proc- 
ess in the distribution management server 16. A consid- 
40 oration for the process performed by the distribution 
management server 1 6 is charged against the contents 
provider as a transaction fee, 

[0069] The user of the UIM 1 2 receives the service sn 
terms of the distribution ot a program from the contents 

■fs sen/ if 19. and therefore is required to pay the charge 
in consideration of the service. The distribution manage- 
ment server 16 may collect ihe service charge from the 
useron behalf of the contents provider together wit 1 '; the 
communication charge forth© user, and delivers the col- 

50 lected service charge to ihe contents provider in ihe 
character of what might be called a "factor". In this case, 
iho charge made against the contents provider may con- 
tain the factoring fee. 

[0070] Upon complete program distribution, the distri- 
55 bution management server 16 notifies the contents 
server 19 (step SI 8) 
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[1- .4.9-1 Activation 

[0071j The program distributed io the UiM 12 and 
stored in the basic block cannot be executed by the user 
before activation. s 
[0072] The user oniy receives the distribution but is 
not permitted to execute the program distributed to him, 
in order to triable the contents provider io control the 
program execution start time. 

[0073] The activation is effectively utilized, for exam- to 
pie, in the case where the time to start the use of a newly 
marketed game program is determined. By use of the 
activation, the release date (program distribution date) 
and the date to start to use (activation date) can be set 
separately from each other, thereby making if possible 15 
to recuce the load on the contents server * 9. 
[0074] Another example Is a case in which the pro- 
gram for using the mobile terminal 11 as a commutation 
pass is distributee; io the UiM 12. In this case, the acti- 
vation is utilized to make the program executable from 20 
the firs', date of the term of validity of tne commutation 
pass. 

[0075] The operation for activation will be explained 
below with reference to Fig. 8. 

[1 A. S.I j Activation request to distribution management 
server 

[0076] Whenever the activation becomes necessary 
for a given program. Ihe contents server 19 sends an 
activation request to the distribution management serv- 
er 16 (step S21). This activation request contains the 
information specifying a program to be activated. Also, 
in the case where only the program stored in the UIM 
12 of a specific user is activated, the activation request 
contains the identifier (the telephone number of the mo- 
bile terminal 11 or an alternative identifier) of the partic- 
ular user. 

[1 .4.9.2! Activation request to UIM 

[0077] The distribution management server 1 6, upon 
receip! of an activation request, issues an activation re- 
quest to the UIM 12 of the mob;le lenninal 11 (step S22) 
As already described, the Information specifying the 
written program is registered In the data base of the dis- 
tribution management server 16 as information corre- 
sponding to the information indicating the basic block of 
the UiM 12 in which the program is written. The distri- 
bution management server 16. upon receipt of the acti- 
vation request, reftrstothe particular data base and de- 
termines the UIM 12 to which the program io be activat- 
ed is distributed and the basic block in which the pro- 
gram is written. In the case where the same program 
stored In a plurality of UIMs 12 is activated, as many 
activation processes as the UIMs 12 are performed 
Each mobile terminal 11 in which the corresponding U M 
12 is mounted or built is accessed, and an activation 



recues! Is sent to ihe UIM 12. The activation request 
sent to each mobile terminal 11 contains the information 
specifying the basic block having stored therein the pro- 
gram to be activated. 

[0078] This activation request, when received by the 
mobile terminal 11. is directly sent to the UIM 12. The 
control unit 3C of the UIM 12 executes the activation :n 
accordance with the activation request. Specifically, the 
UIFvl 12 sets the activation flag from "0" to "1" for the 
basic block specified by the activation request The con- 
trol unit 30 of tne UiM 12 responds to a request. If any. 
to execute the program stored in the basic block with 
the activation flag turned "i". A request. If any, to exe- 
cute '.he program in the basic biock with the activation 
flag "0". however, is reacted, 

[ 1 .4.9.3] Activation end response 

[0079] The UIM !2, upon compiete program activa- 
tion, transmits an activation end notice to the distribution 
management server 1 6 (step S23). This notice contains 
the information specifying the program of which the ac- 
tivation is ended, or more specifically, Ihe information 
specifying the basic block storing the particular pro- 
gram. 

[1 .4,9.4] Activation completion notice 

[0080] The distribution management server 1 £5, upon 
receipt of the activation completion notice from the UIM 
12, determines the basic block of the UIM 12 in which 
the completely activated program is stored. The infor- 
mation to the effect that the activation is completed is 
registered in the storage area in the data base prepared 
for the particular basic block, 

[0081] As the result of this registration, the distribution 
management server 16 can grasp, by accessing the da- 
la base, whether each program in the basic blocks 40-1 
to 40-6 is activated or net for a=i the UIMs 12, 
[0G82] Upon registration of activation completion for 
all the UIMs to which the program of which the activation 
is requested are distributed, ihe distribution manage- 
ment server 16 notifies the contents server 1 9 that the 
program activation Is complete (step S24). This notice 
contains the information specifying the program that has 
been activated. 

[1.4.10] Deactivation 

[0083] The program distributed to the UIM 12 and ac- 
tivated may require deactivation. This requirement oc- 
curs, for example, in a case where a program for the 
mobile terminal 11 to function as a credit card is stored 
in the UIM 12, and the user has lost the particular UIM 
12, In such a case, the deactivation is started :n re- 
sponse to the request from the user informed of the loss. 
Other examples include a case in which the use; that 
has received a service has failed to pay the service 
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charge before the cue date, in such a case, at the re- 
quest of ihe contents provider providing SU ch a service, 
■he deactivation ofihe program for receiving the partic- 

u'e-j service can be started 

[0084] The deactivation process wiii be expiated be- s 
lew with reference to Fig. 9. 

[1 .4.10.1] Deactivation request to distnaution 
management server 

w 

[0085] The conteris server 1 9. whenever required !o 
deactivate a program distributed to a UIM 12, sends a 
deactivation request \ 0 the distribution management 
server 16 specifying the particular UIM 12 and the pro- 
gram to be deactivated (step S31 ). is 

[1A10.2i Deactivation request to U'M 

[0086] The distribution management server 1 6, upon 
receipt of this deactivation request, accesses the data so 
case and determines thai basic block in the UIM 12 
specified by the deactivation request which stores the 
program to be deactivated. Then, the distribution man- 
agement server ie sends a deactivation request to the 
mobile termrnal 1i in which the particular (JIM 12 is ?s 
mounted or built (step S32). This deactivation request 
contains the information specifying the basic biock stor- 
ing the program to bs deactivated. 
$ ?}87 J di?*C{">v.«;ion request is sent to the UIM 12 
through the mobile terminal 11 . The activation flag pre- 30 
pared for the basic clock specified by the deactivation 
request is reset from 'T to ;, C" by the UIM 12. After that, 
the execution of the program in this particular basic 
biock is prohibited. 

35 

[1 4 10.3] Deactivator* end response 

[0088] The UiM 1 2. upon termination of the program 
deactivation, notifies the distribution management serv- 
er 16 (step S33). This notice contains the information JO 
specifying the program which has been deactivated, or 
specifically, the information specifying the basic biock 
storing the program. 

[1 4.10.41 Deactivation completion notice <ts 

[0089] The distribution management server 16, upon 
receipt of a program deactivation end notice from the 
UWI 12, determines, oasea on the notice, the basic 
biock of the UIM 12 storing the program of which the so 
deactivation has oee* completed The information to the 
effect that the deactivation is complete is registered in 
the storage area of ihg date base prepared for the par- 
ticular basic block. 

[0090] Upon regist-stion of completion of the deacti- 55 , 
vation, the distribution management server 16 notifies j 
the contents server 1 3 of the completion of the deacti- 
vation (step S34). 



II 4.11] Deletion (only when desired by user) 

[0091] A deactivated program wastefuily occupies a 
memory area in the UIM 1£ It is desirable for both ihe 
user and the contents provider to deiete such an unnec- 
essary program The deletion of the program, however, 
cannot be left to the user. If the user arbitrarily deletes 
the program in the UiM 12, the rent charging process 
for the UIM would continue to proceed in spite cf the 
' program deletion, unless the fact of deletion is notified 
to the distribution management server - 6 immediately. 
[0092] According to this embodiment, therefore, 
whenever the user desires to delete a program, the pro- 
gram is deleted under the control of the distribution man- 
agement server 16. 

[0093] A deletion, based on a reason on the side of 
the contents provider, is basically not permitted due to 
the resulting complication of the charging process. 
[0094] The operation of deleting a program in re- 
sponse to the desire of the user will be explained below 
with reference to Figs. 10 and 15 

fj ,4.11 .1] Program deletion request 

f0095] The user accesses a predetermined home 
cage of the contents provider oy operating the operating 
section 22 of the mobile terminal 1 1 A distribution men- j 
screen D11 shown in Fig 15 is displayed on the display 
screen of the display section 21 of the mobile terminal 
1 1 . This distribution menu screen D11 is provided by the 
contents server 19 of the contents provider distributing 
the program. When the user selects a menu item mean- 
ing the deletion of a program, a screen D1 2 asking ihe 
userwhetherthe deletion can be carried out is displayed 
on the display section 21 of the mobile terminal 11 ' as 
shown m Fig. 15, 

[0096] The user performs the operation permitting the 
deletion. The mobile terminal 11 transmits a program 
(applet) deletion request to the contents server 19 
through the network (step S41) This request contains 
the information specifying the program to be deletes. 
[0OS7] With the transmission of a program deletion re- 
quest, a screen D13 indicating that the deletion is go-nq 
on, is displayed as shown in Fig. 15 on the display sec- 
tion 21 of the mobile terminal 11 . 

[1 .4.11 .21 Deactivation request to distribution 
management server 

[0098] The contents server 1 8. upon receipt of a pro- 
gram deletion request, sends a deactivation request to 
the distribution management seivcr 1 6 (step S42) This 
deactivation request contains the information specifying 
the mobiie terminal 11 of the user requesting the pro- 
gram deletion and the information specifying the pro- 
gram to be deleted 
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[1 .4-.1i .£] D-sactivatSc-n requesl to UIM 

[0039] The distribution management server 16. upon 
receipt of e deactivation request, accesses the data- 
base and determines a basic block storing the program 
to be deleted. Then, shedistribution management server 
1 6 sends a deactivation request containing the informa- 
tion specifying the particular basic block to the mobile 
terminal 1 1 0 f\he user ^questing the program deletion 
(step S43). 

[01 00] This deactivation request is sent to the UIM 1 2 
through me mobile terminal 11 . The UIM 12resets, from 
"V toV the activate flag prepared for the basic block 
specified by the deactivation request. After that, the ex- 
ecution of the program in the particular basic block is 
prohibited. 

(1 .4.11 .4] Deactivation end response 

[0101] The UIM 1 2 at the end of the program deacti- 
vation, transmits a deactivation end notice to the distri- 
bution management server IS (step S44). This notice 
contains the information specifying the basic block stor- 
ing the program deactivated. 

[1 .4.11 .5] Deactivation end notice 

[0102] Tne distribution management sewer 16. upon 
receipt of the program deactivation end notice from the 
UIM 12, registers ths information to the effect that the 
deactivation is comptete. in the area of the data base 
corresponding to the basic block of the UIM 1 2 specified 
by the deactivation end notice. 
[0103] The distribution management server 1 6 sends 
a program deactivation end notice to the contents server 
19 (step S45). 

11 4.11 .6] Deletion request to distribution management 
server 

[01 04] The contents server 1 9 , upon receipt of the de- 
activation end notice lor the program to be deleted, from 
the distribution management server 16, requests the 
distribution management server 1 6 to delete the partic- 
ular program (step S51) . 

[1 4.11 .7] Deletion requesl to UIM 

[0105} The distnoution management server 16. upon 
receipt of tne program deletion request, sends a pro- 
gram deletion revest to the UIM 12 of the user who 
requests the program deletion (step S52>. This program 
deletion request contains the information specifying the 
basic block storing the program to be deleted. 
[0106] The program deletion request is sent to the 
UIM 12 through ir-s mooile terminal 11 The UIM 12 de- 
letes the program in the basic block specified by the pro- 
gram deletion request. 



[1 4.11 ,8] Deletion end response 

[0107] The UIM 1 2, at the end of the program deletion, 
transmits a deletion end notice indicating the program 
5 deletion to the distribution management server 1 6 (step 
S53). This deletion end notice contains the information 
specifying the basic clock irom which the program is de- 
leted and the program deleted. At the same time, a 
screen Di4 indicating the end of deletion is displayed, 
10 as shown in Fig 15, on the display section 21 of the 
mobile terminal 11 . 

(1.4.11 .91 Deletion completion notice 

is [0108] The distribution management server 16 upon 
receipt of the deletion end notice from the UIM 12, reg- 
isters the information to the effect that the program has 
been deleted in the storage area in the data base cor- 
responding to the combination of the user requesting the 
5 " deletion and the program deleted. 

[0109] Then, the distribution management server 16 
sends to the contents server the notice that the program 
deletion is complete (step S54). 

[01 10] In the case where the charge procoss against 
the contents provider has been made for the program 
deleted, the distribution management server ceases to 
charge the contents provider thereafter. 

[1 .4 12] Deletion (only when desired by distribution 
30 management server) 

[01 1 1] According to this embodiment, a program may 
be deleted by other than the intention of the user. An 
example is the expiry of a predetermined term during 
35 which a program can be used. 

[0112] The operation for deleting a program under the 
guidance of the distribution management server in such 
a case will be described beiow with reference to Fig. 11 . 

40 [1 .4.12.1 1 Deactivation request to UIM 

[0113] If the usable term of a program has expired and 
the program is required to be deleted, the distribution 
management server 16, by accessing the data base, de- 
J5 term.nes all the UIWs 12 to which tne program to be de- 
leted has been distributed and the basic btocKs storing 
the program to be deleted in each of the UlrVls 12, and 
sends a deactivation request to each of tne UIMs 12 
(step S61). Each deactivation request contains the m- 
so formation specifying the basic biock storing the program 
to be deleted. 

[0114] The deactivation request is sent to each UIM 
12 through the mobile terminal 11. The UIM 12 resets, 
from "1 " to "0". the activation flag corresponding lo the 
55 basic block specified by the deactivation request. After 
that, the execution oMhe program in the particular basic 
biock is prohibited. 
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11 .4.12 21 Deactivation find response 

[011 5] A! the end of the deactivation, the U!M 12 
transmits a deactivation end notice to the distribution 

management server 13 (step 362). 

[1 4,12.3] Deactivation completion notice 

[011 6] The distribution management server 16. upon 
receipt of the deactivation end notice from the party to 
whteh the program so be deleted has. been distributed, 
registers the information indicating the completion of the 
deactivation in the storage area of the data base formed 
for the particular program. 

[01 17] The distribution management server 1 5 sends 
a program deactivation completion notice to the con- 
tents server 19 (step S63). 

P 4 12 4] Notification of deactivation completion notice 
recast to distribution management server 

[0118] The contents server 16. upon receipt of the. de- 
activation completion notice from the distribution man- 
agement server 16. sands a deactivation receipt notice 
So the distribution management server 16 (step S64). 

[1 .4.12.51 Deletion request to UsM 

[01 1 Q| The distribution management server 16, upon 
receipt of the deactivation receipt notice, sends a pro- 
gram deletion request to the mobile terminal 11 that has 
transmitted the deactivation completion notice corre- 
sponding to the deactivation receipt notice {step S71). 
The deletion request sent to the mobile terminal 11 con- 
tains the information specifying the basic block storing 
the program to be {teieusd. 

[0120] The UiM 12, upon receipt of the deletion re- 
quest through the mobile terminal 11. deletes the pro- 
gram in the basse bicck specified by the request 

[1 .4.12.6] Deletion end response 

[0121] The U!Mt2. at the end of the program deletion, 
transmits a deletion end notice to the distribution man- 
agement server 16 (step S72). This notice contains the 
information specifying the basic block from which the 
program has been deleted. 

1 1 .4.12.7] Deletion completion notice 

[0122] The distribution management server 16. upon 
receipt of the deletion end notice from ail the parties to 
which the program to be deleted has been distributed, 
registers the information to the effect that the program 
has been deleted, in the storage area of the data base 
formed for the particular program 1o be deleted. 
[0123] The distribution management server 1 6 sends 
a deletion compieSc-n notice to the contents server 19 



(step S73). 

[0124] At the same time, the distribution management 
server ceases the charging process which may have 
hitherto been made against the contents provider for the 
$ deleted program. 

[1.4-12.81 Deletion result receipt notice to distribution 
management server 

"> [0125] Thecontents server 19, upon receipt of the de- 
letion completion notice from the distribution manage- 
ment sewer 16 sends a deletion result receipt notice to 
the distribution management server 16 (stop S74) 

« ;1 .4.13] Program distribution process for (JIM version 
management 

[0126] The contents server 19 may be requiredto dis- 
tribute a program voluntarily regardless of the desire on 

20 the part of the user. An upgrade of the pr ogram that has 
been distributed is a case in point. 
[0127] In such a case, the -distribution of the program 
of a new version to the U IMs 12 of ail the users to which 
the particular program has been distributed gives rise to 
an inconvenience. This is by reason of trie fact that the 
mobile terminals 11 are of various models, and the UlrVI 
specifications have various versions, it may happer- ; , 
therefore . that a program of a new version if sent to all 
the UIMs. can be executed normaily on=y by the UIMs 

30 having a version issued at a certain time point or there- 
after 

[0128] According to this embodiment, at each time of 
an upgrade of a orogram. a version notice request is 
sent to the UIMs and based on the response to the re- 

35 quest, it is determined whether the program is to be dis- 
tributed or not to a given LMl This operation ts shewn 
in Fig 12 Some of the UIMs 12 support the function of 
notifying the version thereof in response to the version 
notice request, and others do not. Fig. 12 shows the op- 

4 o eration performed in the case where a version notice 
request has been sent to a UIV1 supporting such a func- 
tion and (he operation performed in the case where a 
version notice request has been sent to a U!M not sup- 
porting the (unction. 

45 

[1 .4.13.1] Operation for UlfVt supporting version notice 
function 

[1 .4.13.1.1] Program distribution request to distribution 
s 0 management server 

[0129] Prior to distribution of a program after upgrade, 
the contents server 1 9 sends to the distribution manage- 
ment server 16 a program distribution request contain- 
55 ing the information specifying the program and the ver- 
sion information indicating the version of the UIM 12 that 
can execute -he particular program (step S81 ) 
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11.4 13 1 2] Version notice request to UiM 

[0130] The distribution management server 1 6, upon 
receipt of the program distribution request, accesses the 
data base, determines all the mobile terminals 11 to $ 
which the program specified by the program distribution 
request has been distributed, and sends a version no- 
tice request to the mobile terminals 11 thus determined 
ts'-eo SB2) 

'to 

[' 4.13.1.3} Version notice 

[0131] The versior, notice request is sent to each UIM 
12 thrc;.=gh the mobiie terminal 11 The UIM 12, upon 
receipt of the version notice request, notifies the version i$ 
thereof to the distribution management server 16 (step 
S83). 

M .4.13.1 .4] No program distribution notice 

so. 

UVi32] The distribution management server 16 re- 
ceives a version no-ice from each UiM 12. in the case 
where ihe version notice received from a given UIM 12 
fails to meet the conditions indicated by the version in- 
formation from the contents server 19. the contents 25 
server 19 is notified that the program cannot be distrib- 
uted to the particular UIM 12 (step S84), 
[0133} in the case where the version notice received 
from another given UiM 12 meets the conditions indicat- 
ed by the version information from the contents server 30 
19. on the other hind, the distribution management 
server 16 distributes the program to the particular UiM 
12. This operation is described above with reference to 
Figs. 6 and 8. 

35 

(1 4.13.2] Operation for UIM not supporting version 
notice function 

■1.4.13.2.1] Program distribution request to distribution 
management server 40 

[0134] The contents server 1 9 sends a program dis- 
tribution request to the distribution management server 
16 in the same manner as described above (step S91). 

45 

[1.4.13.2.2] Version notice request 10 UIM 

[01 35] The distribution management server 1 6 sends 
aversion notice request to the UIM 12 of the mobile ter- 
minal 11 {step S92). 50 

[1.4,13.2.3] Timer count 

[013$] In this case, the UIM 1 2 does not support the 
version notice function, and therefore makes no re- 55 
sponse. 

[0137] Thus, the distribution management server 16 
monitors the timer, and upon expiry of a predetermined 



time-out period (step S93), sends a version notice re- 
quest again to the UiM 12 of the mobile terminal 11 (.step 
S94's. Then, the value on the retry counter is increment- 
ed by one. 

[0138] in a similar fashion, the distribution manag-i- 
ment server 16 monitors the timer, and upon expiry of a 
predetermined time-out period (step S95}, sends a ver- 
sion notice request again to the UIM 12 of the mobile 
terminal 11 (step S96). Then, the value ofthe retry coun- 
ter is incremented by one, 

p. 4. 13.2.4] Mo program distribution notice 

[0139] Once again, the distribution management 
server 16 monitors the timer, and upon expiry of a pre- 
determined time-out period (step S&7), sends a version 
notice request again to tne UIM 12 of the mobile lermir-al 
11 (step S96). Then, tne value on the retry counter is 
incremented by one. 

[0140] In the case where the figure on the retry coun- 
ter reaches a predetermined value (3 in this case), the 
distribution management server 1 6 determines that she 
version of ihe UIM 12 faiis to meet the conditions for she 
version notified from the contents server 1 9, and sands 
a no-program distribution notice to the contents server 
19 (step S84) 

[0141] As a result the contents server 19 confirms 
that tne program oi which distribution is desired, cannot 
be distributed 

[1 .4.14] Program distribution process based on Ul!tt 
memory capacity limitation 

[0142] The limitation of the memory capacity of the 
UiM 1 2 may make the program distribution impossible, 
even if desired by the contents server 19. An example 
of the operation performed in such a case is showr- in 
Fig 13. This operation will be explained below. 

(1 .4.14.1 j Rejection by distribution management server 

[0143] 'The contents server 1 9 requests the distribu- 
tion management server 1 6. by attaching the program 
■o be distributed, to send a program distribution request 
to the UiM i a (stepSioi ). 

[0144] The Information indicating the memory state of 
each UiM is registered ;n the database of the distribution 
management server 16. The distribution management 
server 16, upon receipt of the program distribution re- 
quest to a given UIM 12, accesses the data base, and 
determines whether the basic block for the particular 
UIM 12 is available for storage, or if available, is too 
small in capacity to store the program (the capacity may 
vary from one version to another of UIM) or whether 
there is any other stumbling block to tne program distri- 
bution . 

[0145] In the case vwnere the program cannot be dis- 
tributed, the distribution management server 16 sends 
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^ notice to the consents server 1 S that the program can- 
not be d!sthb;j:ed due to the shortage of the memory 
capacity (step S102) 

[0146] As a result, the contents server 19 confirms 
that the proqrarn for which distribution is desired, cannot 
L-s distributed. 

ri .4.14.2} Rejection by uim 

[01 47} The memory capacity and the current occu- 
pancy state of each UIM 12 are registered in the data- 
base of the distribution management server 16. f-Gr 
some.- reason or other, however the actual UIM memory 
state may differ from the memory state registered in the 
database of the distribution management server 1 6. The 
operation performed in such a case is described betow. 
[01 48] First, the contents server 1 9 sends a program 
(Ssiribution request together with a program to the dis- 
tribution management server 16 {step S111>. 
[0149] The distribution management server 16 ac- 
cesses trie data base and determines whether the basic 
block of the destination UIM 12 is available for storage 
fine has a sufficient capacity 

[0150] in the ca?a where trie determination is YES. 
tfie distribution management server 1 6 sends a write re- 
quest together with the program to the UIM 12 (steo 
S112). 

[01 51] The UiM 12 that has received the writs request 
determines whether the program attached to the write 
request can be stored in any one of the basic blocks or 
not. in the case where the determination is NO trie UWI 
12 sends a no-program distribution notice to the distri- 
bution management server 15 cue to lack of memory 
capacity (step S1 13), 

[01 52'j The distribution management server 16. upon 
receipt of the no-program distribution notice due to lack 
of memory capacity, sends it to the contents server 19 
(step S114). 

[0153] From this notice, the contents server 19 can 
confirm that the program cannot be distributed to the 
UIM to which the distribution is desired. 
[0154] It may aiso happen that a program cannot be 
stored in a basic ctcc* dueto a write error n the memory 
of the UIM 12 or the naff unction ot the memory device. 
In such a case e>:ac;iy tne same operation as described 
above is performed. Fig. 14 shows such an operation. 
In Fig. 1 4, steps SI 21 to S124 correspond lo steps Sill 
to S114 in Fig. 13 arid represent exactly the same op- 
eration, respectively. 

[1 4.15] Specific example of operation 

[0155] Now, a specific example of the operation ac- 
cording to this embodiment wli! be explained 

[1 4.15 1} Execution of program stored in UiM 

[0158} In this example of an operation, assume that a 



program called " OG RAILWAY" is stored in the basic 
blocK 40-1 of the UIM 12. 

[0157] The user operates the operating section 22 of 
the mobile terminal 11 and thus accesses the home 

s page of the contents provider thai has distributee' the 
"CO RAILWAY" program. A distribution menu screen 
D21 as shown in Fig. 16 is displayed on the display 
screen ot the display section 21 . This distribution menu 
screen D21 is provided by the contents server 19 of tr;o 

'0 contents provider. The user performs the operation for 
selecting an item concerning the purchase ol a commu- 
tation pass from the menu displayed on the distribution 
menu screen D21 . A purchase request for 1 he commu- 
tation pass is transmitted from the mobile lerminal 1 1 to 

'= the contents server 1 9 through the network. 

[0158] As a result, a download screen 022 is sent 
from the contents server 19 to the mobiie lerminal 11 
and displayed on the display section 21 . The download 
screen D22 contains a menu of several value data hav- 
so jng the same monetary value as the commutation pass. 
[0159} Once the user selects the desired value data, 
the information requesting the selected value data Is 
sent to the contents server 1 9 from the mobile terminal 
11. 

25 [0160} After that, the contents server 1 9 sends to the 
mobiie terminal 1 1 -he screen data for selecting a meth- 
od of account settlement. As a result, a screen D23 is 
displayed by the mobile terminal 11 The user selects 
"SELECT FROM JIM fVltrNU" from the menu sterns in 

30 the screen D23. and thus car, settle the account by use 
of the program in the UiM 1 2 Specifically, once this se- 
lect operation is performed, the UIM 1 2 is notified of the 
fact. Upon receipt of this notice, the control unit of the 
UIM 12 returns to the mobiie terminal 11 the list of the 

35 programs stored in the basic blocks 40-1 to 40-6 The 
screen D24 containing this lis; is displayed on the dis- 
play section 21 of the mobile terminal 1 1 . The user se- 
lects a settlement program from the list. The selected 
program is executed by the UIM 12 thereby to settie the 

4Q account, 

[0161] Assume that the account is settled by execut- 
ing the program in the program area 41 of the basic 
block 40-2, The data area 42 of the same basic block 
40-2 is used for settling the account. 

*s [0162] The contents server 19, upon detection tnat 
the account has been settled, sends the value data of 
the commutation pass included in the commutation pass 
purchase request described above, to the mobile termi- 
nal 11 , This value data contains the information such as 

so the names of the two stations involved, the validity term, 
the name of the user and the age of the user and are 
sent from the mobiio terminal 11 to the UIM 12. The val- 
ue data, which are to be used for the "CO RAILWAY" 
program, are stored in the data area 42 of the basic 

55 block 40-1 corresponding to the same data in the UIM 
12. 
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[1 4 15.2] Mai! order sale using network 

[0163] intnis example d an operation, a program (or 
a mail order sale is stored m the basic block 40-2 of the 
UIM 12 

[0164] The user accesses the home page ot the con- 
tents provider by operating the operating section 22 of 
tne mobile terminal n. so that a distribution menu 
screen D31 shown ir : Fig. 17 is displayed on the display 
section 21 of the mobiie terminal 11. This distribution 
menu screen D31 is provided by the contents server 1 9 
o? the contents provider which In turn provides the mail 
order sale {what is called ■©-commerce") service utiliz- 
ing the network. The user selects the desired commodity 
(MATSUZAKA BEEF FOR SUKIYAKI. Y5000/KG. in 
Fig 17) Ircrn the commodities listed in the distribution 
menu screen D31 . Then, a purchase request is trans- 
mitted from the mobiie terminal 11 to the contents server 
1 9 through the network. 

[01651 The contents server 1 9 that has received the 

purchase request returns a settlement method screen 
032 to the mobile terminal 11. As a result a select 
screen D32 is displayed on the display section 21 . 
[0166] From the settlement methods listed in the se- 
lect screen D32 : the user is assumed to have selected 
"XX BANK". The settlement program for XX Bank stored 
in the basic block 40-3 of the 'JIM 12 is started by the 
control unit 30 of the UiM 12 and a settlement screen 
D34is displayed. 

[01673 Tns user ' in P uts the persona! identification (ID) 
number as settler-sent information. The mobile terminal 
11 tries to connect the settlement server for XX Bank 
through a communication unit 34 and the network, so 
that the screen D35 being accessed is displayed. 
[0168] Upon complete authentication, a purchase 
amount confirmation screen D36 is displayed. 
[01SS] The user confirms the amount to be paid and 
inputs the confirmation. The mobile terminal 11 displays 
a payment confirmation screen D37 of the contents pro- 
vider, i.e. the mail order house together with the delivery 
date, etc. 

[i 4.15.3| Use of commutation pass (check gate 
passage, manual start) 

[0170] According to this embodiment, the mobile ter- 
minal 11 car? be used as a commutation pass by storing 
an appropriate program in the UiM 12. An example of 
operation will be explained below. 
[0171] First, the user depresses a button 23. A UIM 
menu screen 04 ■ shown in Fig. 18 is displayed on the 
display section 2 - . The user selects "OO RAILWAY" for 
which the commutation pass is used. As a result, the 
control unit 30 of trie UiM 12 executes the CO RAILWAY 
program in the basic biock 40-1 . so that a menu screen 
D4-2 is displayed on the display section 21 
[0172] When the screen D4? isdssplayed, the user se- 
lects "4. SET APPLICATION AUTO. START". An auto- 



matic start set confirm screen 043 :s displayed thereby 
prompting the user to select. 

[0173J in the case where the user selects "YES", 'he 
automatic start is set. In the case where the user sei-sc- 
5 tion is "NO", on the other hand, the automatic start is not 
set. 

{0174] The gate of the railway company is equipped 
with a ticket check reader/writer. Before passing through 
the gate, the user performs the following operation.^ 
io [0175] First, the user depresses the U button 23. : he 
UiM menu screen D41 shown in rig 19 is displayed on 
the display section 21 . The user then selects " CO RAIL- 
WAY" for which the pass is used. As a result, the control 
unit 30 of the UIM 12 executes tne CO RAILWAY pro- 
's gram in the basic block 40-1 . and displays the menu 
screen D42 on the display section 21 . The user selects 
" 1 . PASS". The pass program constituting a part ot the 
CO RAILWAY program is started by the control unit 30. 
in accordance with this pass program, the control unit 
so 30 begins communication with the ticket reader/writer 
for pass check. In the case where this communication 
is carried out by the common key cryptosystem, for ex- 
ample, the pass check process is performed following 
the steps described below. 

25 

(1) Each party checks the other parly 

(2) The ticket check reader/writer requests the mo- 
bile terminal 11 to transmit information on the com- 
mutation pass. 

30 (3) The mobile terminal 11 encrypts the pass infor- 
mation by the common key and transmits it to the 
ticket check reader/writer. The pass information dis- 
play screen D53 & displayed on the display section 
of the mobile terminal 11, 
35 (4) The ticket check reader/writer decrypts the re- 
ceived commutation pass information, and, in the 
case where the user is found to be legitimate, the 
gate is opened to allow him in-. 

■to [0176] At the same time, a message screen D54 for 
expressing gratitude to the user is displayed on the dis- 
play section 21. 

[0177] 'The foregoing description deals with the com- 
mutation pass, in the case where the mobiie termlnai 11 
45 is used to function as a private card, however the data 
area 42 is updated to indicate the value data corre- 
sponding to the amount after subtracting the actual 
charge in the process of (4) above 

so [- .4.15.4] Use of commutation pass (gate passage- 
auto, start) 

[0178] When the screen D43 shown in Fig. 1 3 is dis- 
played, the user can select "YES 11 and the automatic 
ss start is set. The following operation is performed. Spe- 
cifically, when the mobile terminal 1 1 set to the automat- 
ic start mode approaches the gate of the station . a pol- 
ing signal transmitted from the ticket check reader/writer 
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Is received by trie mobile terminal 11. As a result, the 
pass program consisting a part of the cX' RAILWAY 
program is automatically slartec by the control unit 30 
in she UfM 12. ane the pass check simiiar to the manual 
Start is carried cut. 

{f.Sj Effect of first embodiment 

[0179] As described above, according to this embod- 
iment, even in the esse where the storage area of the 
storage module Is divided to store each program, the 
mobu: terminal simply provides the communication 
function to the UlfV, and no extra burden is imposed on 
the mobile terminal Therefore, the inherent function of 
the mobile terminal is not adversely affected 
[0180] Also, the p-ogram storage, the activation, the 
deactivation and the deletion are not carried out by the 
mobile terminal, but under the control of the oistribution 
management setter Thus, the user convenience is im- 
proved while at the same- time maintaining security 

[2j Second embodiment 

[0181] According to the first embodiment described 
above, the program executed by the UIM 12 is stored in 
the basic blocks 40-1 to 40-6 in the same UiM. In the 
second embodiment, however, alithe programs execut- 
ed are not necessarily stored in the basic blocks. 

[2.1 j Configuration of second embodiment 

[0182] F-'ig. 21 is 3 block diagram showing a configu- 
ration of a program distribution system according to a 
second embodiment of the invention 
[0183] A UiM 12. contents servers 19-1 io 19-5 and 
19X and a distributor! management server 16A are 
shown in Fig. 21 . The distribution management server 
1 6A corresponds to the distribution management server 
16 of the firs; embodiment pitis the functions unique to 
this embodiment. The contents servers 1 9- 1 to 1 9-6 and 
19X have simiiar functions to the contents server 19 of 
the first embodiment.. The system according to this em- 
bodiment has an authentication server, as in the first em- 
bodiment, not shown in Rg. 21. 
[0184] The Ul VI 12 according to this embodiment in- 
cludes an application area 12C shown in Fig. 22 in place 
of the application «rea 12B of the first embodiment. The 
program storage area 12C ;& divided into seven basic 
blocks 40-1 to 40-7 and one free basic block 40-1 . 
[0185] The bas:c blocks 40-1 to 40-7 and the free ba- 
sic block 40- F1 each have a program area 41 and a data 
area 42. A program (application or applet) is stored in 
the program area 41, The data area 42, on the other 
hand, has stored therein the data used by the program 
stored in the program area 41 of the same basic block 
or the free basic block. 

[0186] In this case, the basic biocks 40-1 to 40-7 and 
the free basic block 40- F1 are independent of each oth- 



er, and basically, the program stored in (he program area 
41 ol a given block cannot access the data area 42 of 
other biocks This is also the case with the first embod- 
iment. The program stored in the program area 41 can- 

s not be distributee or deleted without intermediary of tne 
distribution management server 16A The data area 42, 
however, can be directly operated through the distribu- 
tion management server 16A or a local terminal as In 
the case where electronic money « downloaded from 

>£> the ATM. This point is also similar to the first embodi- 
ment. 

[0187] According to this embodiment, the distribution 
of the programs stored in the basic blocks 40-1 to 40-7 
is controlled by the distribution management server 

'5 18A The program stored in the free basic block 40-F1 , 
however, is controlled not by the distribution manage- 
ment server 16A but on the user's own responsibility. 
[0188] According to the first embodiment, the pro- 
gram transmitted from the contents server 1 9, in accord- 

20 ance wit h trie d istribu S io n tec uesf from t he m ebiie termi- 
nal 11. is sent to the U:M 12 by the distribution manage- 
ment server 16. The distribution management server 
16 A according to this embodiment, on the other hand, 
accepts the program distribution request from the rno- 
bile terminal 11, and on acquiring she program by ac- 
cessing the contents server as required, distributes it to 
the UIM 12 of the mobile terminal 11 The distribution 
management server 16A according to this embodiment 
is similar to the distribution management server 16 of 

30 the first embodiment in that the program distribution 
from the contents server to the UIM 12 is relayed and 
managed. This operation, however, is not the only func- 
tion of the distribution management server ISA accord- 
ing to this embodiment. Specifically, the distribution 

35 management server 1SA has means for storing a pro- 
gram orthe information indicating the location of the pro- 
gram for the benefit of the user of the UiM 12, and any 
of the programs stored in this means can be acquired 
by the user through the distribution management server 

M 16A in this sense, the distribution management server 
18A exhibits a function similar to a cache memory for 
the UiM 12. 

[01893 in order to manage the program distribution to 
the UiM 12 and exhibit the function like a cache memory, 
the distribution management server 18A includes a dis- 
tribution management unit SC. The distribution manage- 
ment unit 50 has a user information storage unit 51 ar-d 
a program information storage unit 52. 
[0190] The program information storage unit 52 has 

so stored theiein a program proper ora URL corresponding 
to the program that csn be distributed to the UIM 12, 
The URL is the information indicating the address of a 
specific one of the contents servers 19-1 to 19-S and the 
vary contents server where a particular program is ;o- 

55 cated. Which is to be stored -,n the program information 
storage unit 52 for a given program the URL information 
or the program proper, can be determined based on the 
storage capacity of the program information storage unit 
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52, ck <n the case where the storage capacity is suffi- 
cient, can be selected as desired by the contents pro- 
vider operating the distribution sewer. 
[0131] The chance of storing a new program or the 
URL thereof in the program information storage unit 52 
is given, for example, in the case where the mobile ter- 
minal 11 of a given user sends a program distribution 
request, and a program or the URL thereof meeting the 
particular Distribution request is not stored in the pro- 
gram information storage unit 52. In such a case, the 
program information storage unit 52 accesses ihe con- 
tents server and acquires and stores ihe program de- 
sired by the user in compliance with the request from 
the mobile terminal '1 , 

[01S2] The user information storage unit 51 includes 
n [n > 1) individual L : ser information storage units 53-1 
to 53-n corresponding to n persons to which the system, 
according to the invention, is applicable. Each Individual 
user information storage unit 53 has a real distribution 
information storage unit 54 and a virtual distribution in- 
formation storage una 55. 

[0193] The real distribution information storage unit 

54 o? the individual user information storage unit 53-k 
has stored therein pointer data corresponding to the pro- 
gram actually distributed to the UIM 12 of the user k. 
The pointer data is for indicating a particular area in the 
program information storage unit 52 where the program 
or the URL thereof fs stored The availability of the real 
distribution information storage unit 54 makes it possible 
for the distribution management server 1 6A to immedi- 
ately redistribute any program, if erased, in the basic 
blocks 40-1 to 40-7 of the UIM 1 2. 

[0134] The virtual distribution information storage unit 

55 of the individual user information storage unit 53-k, 
on the other hand, si ores the pointer data corresponding 
to an available program, though not actually distributee' 
to the UIM 1 2 of the user k, thai can be immediately dis- 
tributed to the UIM 12 of ihe user k who is desirous of 
having such a program. The user of the UtrVS 1 2 can re- 
ceive the following services by use of the virtual distri- 
bution information storage unit 55. 

(a) The pointer data of a program of which distribu- 
tion to the UiW 12 is desired is provisionally stored 
in the virtual distribution information storage unit 55. 
The user, whenever the distribution of the program 
with the pointer data thereof stored in the virtual dis- 
tribution information storage unit 55 is required, 
sends a request to the distribution management 
server 1 6A usir^ the mobile terminal 11 . The distri- 
bution management server 16A reads the pointer 
data of the requested program Srorn the virtual dis- 
tribution information storage unit 55. and acquires 
and distributes the program specified by the partic- 
ular pointer dais to the U'M 12. in this case, the 
pointer data o« the program distributed to the UIM 
1 2 is moved from the virtual distribution information 
storage unit 55 to the real distribution information 



storage unit 54 

(b) The number of the basic blocks in the UIM 1 2 :s 
limited. Therefore, it may happen that all the basic 
blocks are occupied and no basic block is available 

5 for storing the program to be distributed in such a 
case, (he distribution management server 1&A 
reads the pointer data from the storage area corre- 
sponding to a given basic biock 40-X in the U IM 1 2. 
from among the storage areas in the rea! distrlbu- 

io tion Information storage unit 54. and transfers it to 
the virtual distribution information storage unit 55. 
The program to be distributed is sentto ihe UiM 12. 
where it is written in the basic block 40-X. and the 
pointer data of the program is written in the storage 

'5 area corresponding to the basic block 40-X in the 
real distribution Information storage unit 64. This 
process makes it possible to acquire a program by 
a distribution request and store it in a basic biock 
even in the case where the basic blocks are fully 

zo cccupied. In the process, with regard to the program 
driven away from the basic biock. a request may be 
given again, if required, to the distribution manage - 
ment server 16A and the process described in ;a) 
above: can be earned out. 

55 

[01 65] Now. an explanation will be given of the func- 
tion of the distribution management server 16A corre- 
sponding to the free basic block 40- F1 . As already de- 
scribed, as for the f me basic block 40-F1 , the dfsiriburion 
30 management server 16 does not manage the program 
distribution. The user, by operating the mobile terminal 
11 , can freeiy register or delete a program in the free 
basic block 40-Fl 

[01 SS] The real distribution information storage unit 
35 54 of the individual user informaiion storage unit 53 has 
a storage area corresponding to the basic block 40- F1 
of the UIM 12. in this area, however, no pointer data of 
a program Is stored, but the data including the number 
of times a program is registered in or deleted from the 
40 basic block 40 -F1 or the URL Information thereof, in the 
case where nothing is stored in the free basic biock 
40-F1 , the data indicating the fact ("Nuii' : data, etc.) may 
be stored in this area. 

[0197] The program in the free basic block 40-Fl of 
45 the UIM 12, should it be deleted, unlike the programs 
stored in the basic blocks 40-1 to 40-7, remains as it Is 
until registered again by the user himself. 
[01 SS] In the case where the user is desirous of 
changing the program in the free basic block 40-Fl tern- 
so porahly to another program, on the other hand, such a 
change can be made always by the user himself rewrit- 
ing it. 

[0199] in such a case, the distribution management 
server i 6A cannot carry out ihe charging process even 
53 jf a program is stored in the free basic block 40-Fl . 
[0200] The free basic biock 40-F1 can be changed so 
that i! can be handled the same way as the basic blocks 
40-1 to 40-7 as desired by the user. Specifically, before 
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the charge, seven basis blocks 40-1 to 40-7 and oris 
free basic block 40-Fl can be used as eight basic blocks 
40- 1 to 40-3. 

[0201 J in such s case, the infor mation So the effect that 
the free basic block 40-F1 has been chanced so the be- 
sic block 40-8 is written by the distribution management 
server 16A in the system area 12A ;Fig. 4) of the UIM 
12. Also, the area in the teal distribution information stor- 
age unit 54 that has hitherto been handled as an area 
corresponding to trie free basic block 40-F1 can be han- 
dled by the distribution management server 16A as an 
area corresponding to the basic block 40-8. and using 
this area, the same management as that of the basic 
blocks 40-1 to 40-7 ;s started. 
[0202] The basic stock that has been changed io trie 
basic block 40-8 by the user in this way can be restored 
to the free basic bk.ck 40-F1 again. The basic blocks 
40-1 to 40-7 cannot :>e changed to free basic blocks. 

[2.2] Configuration of distribution management server 

[0203] A configuration ofthe distribution management 
server is shown in Fig, 23. 

[0204] Tho distribution management server 16A is 
roughly configured o; a transmission control unit 61 . the 
user information storage unit 51 described above, the 
program information storage unit 52 described above 
and a secure communication control unit 62 
[020S] The transmission control unit 61 controls the 
transmission between the external contents servers 
1 9-1 to 19-6 or between the mooilo terminals 1 1 (includ- 
ing the transmission between the contents servers '■■ 9-1 
to 1 9-6 and the moDce terminals 11 ) The transmission 
control unit 61 also controls the transmission between 
the user information siorage unit 51 . the program infor- 
mation storage unit 52 and the secure communication 
control unit 63 to each other. Further, the transmission 
control un;t61 controls the distribution management unit 
50. the user information storage unit 51. the program 
information storage unit 52 and the secure communica- 
tion control unit 63 on the one hand, and requests the 
execution of various processes in the distribution man- 
agement unit 50, the user information storage unit 51, 
the program information storage unit 52 and the secure 
communication contra! unit 63 on the other hand. 
£0206] The program information storage unit 52 sub- 
stantially functions as a portal site for the program per- 
mitted to be distributed to trie basic blocks 40-1 to 40-7 
ofthe UIM 12. 

[0207] The secure communication control unit 63 au- 
thenticates the information (an encrypted program, etc.) 
sent from the contents servers 13-1 to 1G-6, holds the 
public key paired with the private key held by each (JIM, 
and manages the issue of the public keys for the con- 
tents servers 19-1 to 19-6 



[2.3] Operation of second embodiment 

[2.3.1] Registration in user information storage unit 



in the example shown in Fig 21 . the contents 
servers 19-1 to 19-5 are under the control of the distri- 
bution management server 16A. The user desirous of 
using a program (applet) stored in any of the contents 
servers is required to register the particular program in 
'0 the user information siorage unit 51 of the distribution 
management server 16A. The registration process vtfll 
be explained below with reference to Fig. 2d. 
[0209] First, the user sends a request for a menu iist 
of the programs that can be registered, to the distribution 
1 $ management server 16A from the mobile terminal it. 
This request is sent to the program information storace 
unit 52 through the transmission control unit 61 of the 
distribution management server 16A (step S131). 
[0210] The program information siorage unit 52 tftai 
so has, received the request prepares a menu list of ail the 
programs that can be registered or : specifically, all the 
programs of which the program proper or the URL is 
stored In the program information storage unit 52, and 
transmits the menu list through the transmission control 
25 unit 61 to the mobile terminal 1i (step SI 32). 

[0211] This menu list is received by the mobile termi- 
nal 11 and displayed on the display section 21 . Under 
triis condition, the user can acquire, by operating the op- 
erating section 22 . a comment on the desired program 
30 from the distribution management server 16A and dis- 
play it on the display section 21 . 
[0212] Once the program of which distribution is re- 
quested is determined by the user operating the oper- 
ating section 22. the mobile terminal 11 transmits a req- 
35 istration request containing the information specifying 
the particular program to the program information stor- 
age unit 52 of the distribution management server 1 6A 
(steps 133). 

[0213] The program information storage unit 52. 
■*o based on tile program registration request, registers the 
program requested by the user in the user information 
storage unit 51 (step S134). 

[0214] The operation in step SI 34 will be describees 
in detail. First, assume that the registration request is 

« issued from the mobile unit 11 In which the UIM 12 of a 
given user k is built or mounted In this case, the pro- 
gram information storage unit 52, based on the registra- 
tion request, identifies theprogram requested by the us- 
er, and determines the pointer data for specifying tne 

so internal area of the program information storage unit 52 
in which the URL information indicating the location of 
the program or the program proper thereof is stored 
Once the pointer data of the program requested by tre 
user is obtained in this way, the program information 

55 storage unit 52 accesses the contents stored in each 
area of the real distribution information siorage unit 54 
of the individual user information storage unit 53-k cor- 
responding to the user k, and thus determines the basic 
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block 40- X (i 5 X S ?} available for storage among the 
basic blocks: of the UiM 12 of the user k. The pointer 
data of the program requested by the user is registered 
in the area of the real distribution information storage 
unit 54 corresponding to the basic block 40-X (step 
ST34). it may be that the UIM 12 of the user k has no 
basic block 40-X (1 s* X ?S 7> available for storage in 
such a case, the program information storage unit 52 
registers the pointer data in the virtual distribution infor- 
mation storage ur.lt 55 designated by the user or set au- 
tomatically. 

[0215] In step SI 41 , the menu iist may not have any 
desired program. In such a case, the user can request 
the program information storage unit 54, by operating 
the mobile terminal «- - > the desired contents 

server In this case, t&e program information storage unit 
54, in compliance wltn the user request, acquires the 
program or the URL thereof from the contents server 
desired by [he user, and holds it in the unoccupied area 
in the program information storage unit 54. in the proc- 
ess, the pointer da;?, indicating the location of the ac- 
quired program or ine URL thereof is registered in the 
real distribution information storage unit 54 :n the same 
manner as the procedure mentioned above. 
[0216) Upon complete registration of the program re- 
questedby the user ;r> this way. the distribution manage- 
ment server 1 6A starts the charge process for the user 
or the contents prc-v der that has distributed the partic- 
ular program- 

[0217] Then, the user information storage unit 61 
sends a registration notice to the mobile terminal 11 
through the transmission control unit 61 (step S135). 
[021S] The mobile terminal 1 1 . upon receipt of the reg- 
istration notice, sends a registration acknowledgment to 
the distribution management server 18A (step SI 36). 
[021 91 The user information storage unit 51 , upon re- 
ceipt of the registration acknowledgment through the 
transmission control unit 61 from, the mobile terminal 1 1 
having the UIM 1 2 oi the user k built therein or connect- 
ed therewith, determines the contents provider 19 stor- 
ing the program of winch the pointer data has been reg- 
istered for the user k. and sends an activation permis- 
sion request to the contents server 1 9 (step SI 37) 
[0220] The contents server 1 9 that has received the 
activation permission request, in order to approve a pro- 
gram utilization contract, sends the activation permis- 
sion to the user interna lion storage unit 51 (step S138) 
As a result, the user information storage unit 51 consid- 
ers that the use is permitted of the pointer data stored 
in that area of the real aistribul ion information storage 
unit 54 of the individual user information storage area 
53- k for the user k which corresponds to the basic biocst 
40-X. 

[0221] The user information storage unit 51 sends a 
registration completion notice indicating that the regis- 
tration in the mobile terminal 11 is completed (step 
Si 39). This registration completion notice contains a 
registration list providing a list of the programs with the 



pointer daia thereof registered in the user information 
storage unit 51. 

[0222) The user can confiim the registration iist from 
the display section 21 of the mobile terminal 11 

5 

(2.3.1 .1] Registration of UIM in basic block (the contents 
server holding the program) 

[0223] Tne user k who has received the registration 
w list can req uest the program for which he has requested 
registration, to be distributed and written in the UIM " 2 
With reference to Fig. 25, this operation wiil be ex- 
plained. 

[0224] The user k performs the operation for selecting 

is a program of which distribution is desired from the reg- 
istration list. Then, a distribution request containing the 
pointer in the registration list, indicating the position 
number in the registration list where the particular pro- 
gram is located, is sent to the user information storage 

20 unit 51 of the distribution management server ISA from 
the distribution terminal 11 (step S141). 
[0225] The user information storage unit 51 . upon re- 
ceipt of a distribution request from the mobile terminal 
11 cf the user k. roads the pointer data specifying tne 

35 place of storing the program proper or the URL of the 
program requiring distribution, from that area of the real 
distribution information storage unit 54 of the individual 
user information storage unit 53-k which corresponds to 
the pointer in the registration list contained in she partic- 

30 ular distribution request. The distribution request con- 
taining the pointer data is sent to the program informa- 
tion storage unit 52 (step Si 42). 
[0226] The program information storage unit 52 ac- 
cesses the area specified by the pointer data in the par- 

35 ticuiar distribution request, in the case where the UflL 
cf the program Is stored in the area, the program distri- 
bution is requested from the contents server 19 using 
the URL (step S1 43). 

[0227] The contents server 19, upon receipt of this 
40 distribution request, requests the authentication server 
18 to issue a public key for the distribution management 
server (step S144) . 

[0228] In the case where tne contents server 18 is per- 
mitted to write In the UiM 12. tho authentication server 

45 isissuesthepublickeyfortne distribution management 
server to the contents server 1 9 (step S145). 
[0229] The contents server 1 9 encrypts the program 
using the public key for the distribution management 
sorver, and distributes it as a program, with a certificate. 

so t 0 >,he secure communication control unit 62 of the dis- 
tribution management server 16A (step S14S) 
[0230] The secure communication control unit 62 has 
stored therein a distribution management server private 
key paired with thedistribution management server pub- 

55 lie key, and using this private key. decrypts the program 
with a certificate. In the case where this decryption is 
successful, a program written in a common text is ob- 
tained. 
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[0231] Tne secure communication control unit 62 ac- 
quires IheUlM public key corresponding to the destina- 
tion Uifvi 12 from -he authentication server (refer tc the 
firs:! embodiment;, and encrypting the program by the 
UIW public key. sends it to the UIM 12. In the UIM 12. 
the program is decrypted using the UIM private key 
paired with the UIM public key. Once the decryption is 
successful, a program in a common text is obtained. The 
U M 1 2 writes this program in the basic block 40-X (step 
S W). The UIM 12 determines the basic block 40-X by 
the same algorithm as used by the program information 
storage unit 52 in the distribution management server 
1 6A. in step SI 47, therefore, the same basic frock 
is obtained as determined in step S134 o! Fig 24. Alter- 
natively, the registration completion notice transmitted 
from the distribution management server 1 6A in step 
S1S9 of Fig. 24 may contain the information specifying 
the unoccupied basic block 40-X determined in step 
S1 34, and in step S f47 of Fig. 25, the program is stored 
in the basic block 40-X specified by the particular infor- 
mation. 

[0232] The UIM 12, at the end of the program write 
operation, transmits a wrlie end notice to the secure 
communication control unit 62 of the distribution man- 
agement server 16 istep S148). This write end notice 
contains the information for specifying the basic block 
40-X in which the program is written. 
[0233] When the secure communication control unit 
65 of the distribution management server 16 receives 
the write end notice the user information storage unit 
51 sends an activation request to the contents server 
1 9 in order to request the permission for execution of 
the program written -m the UIM 12 (step SI 49}. 
[0234] The contents server 19 that has received this 
activation request sends an activation permission tc the 
user Information storage unit 51 (step SI 50). 
[0235] The user information storage unit 51 that has 
received the activation permission sends an activation 
instruction to the U?M 12 (step Si 51). 
[0236j In the UiM 12, upon receipt of the activation 
instruction, the activation flag corresponding to the basic 
block 40-X in which the program is written turns from ''0" 
to '"!'■. after which the execution of the program in the 
particular basic block becomes possible. 
[0237] The Ui-vl 12, at the end of the program activa- 
tion, transmits an activation acknowledgment notice In- 
dicating I he end of tne program activation to the user 
information storage unit 51 of the distribution manage- 
ment server 1 6A, together with the information specify- 
ing the program - for example. The information specifying 
the basic block 40-x; (step SI 52). 
[0238] The user information storage unit 51 , upon re- 
ceipt of the activation acknowledgment notice from the 
UIM ^2 of the user k, determines an area of the real dis- 
tribution information storage unit 54 of the individual us- 
er information storage unit 53- k corresponding to the ba- 
sic b-ock 40-X. in ;h;s area, the pointer data correspond- 
ing to the program written in the basic block 40-X is al- 



ready written in the UIM 12 of the user k. In this area, 
the information to the effect that the aciivation is com- 
plete is written m such a form that a given pointer coex- 
ists As the result of this operation, the distribution men- 
s agement server 1 SA can grasp whether the activation 
has been performed for the basic blocks 40-1 to 40-7 of 
si! the UlMs 12 by accessing each area of the user in- 
formation storage unit 51 . 

[0239] The user information storage unit 51. at ire 
to end of the operation for writing the information to tr-e 
effect that the activation is complete, notifies the mobile- 
terminal 11 that the registration is complete as a pro- 
gram list, and subsequently, notifies that the program 
can be executed, while at the s-s-rtf; time ending tf-e 
15 process (step S1 53). 

[0240] The distribution management server 1 6A noti- 
fies the contents seryer 1 9 that the activation of the pro- 
gram is completed (step S154) 

20 [2.3.1 .2] Registration of in UIM basic block (in the case 
where the distribution management server holds the 
program proper) 

[0241] In the example of operation shown in Fig, 25. 

25 the program proper, of which the distribution is desired 
by the user, is not stored in the distribution management 
server 1 6A but in the- contents server 1 9. In the operator; 
example shown in Fig. 26, in contrast, the program prop- 
er of which the distribution is desired by the user is 

so stored in the distribution management server 1 6A. The 
operation example shown in Fig, 26 will be explained 
below. 

£0242] The user accesses the registration list re- 
ceived from the distribution management server 16A, 

35 and performs the operation for selecting the desired pro- 
gram. A distribution request containing the pointer in the 
registration list corresponding tc the particular program 
is sent from the mobile terminal 11 tc the user Informa- 
tion storage unit 51 of the distribution management serv- 

*a er 16A (step SI 61). 

[0243] The user information storage unit 51 . upon re- 
ceipt of the distribution request from the mobile terminal 
ii of the userk, reads the pointer data for specify ingi^e 
place of storage of the URL of the program or the pro- 

45 gran: proper of which the distribution is requested, from 
that area of the real distribution information storage unit 
54 of tne individual user information storage unit 53-k 
which corresponds to the pointer in the registration list 
contained in the distribution request. The distribution re- 

■so quest containing this pointer data is sent to the program 
information storage unit 52 (slop Si 62) 
[C244] The program information storage unit 52 sc- 
cesses the area designated by the pointer data m the 
distribution request. In the case where the program 

55 proper is stored in the particular area, the secure com- 
munication control unit 62 requests the authentication 
server 18 to issue a certificate, i.e. sends a request for 
the UIM public key required for encrypting the program 
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proper and sending * to the UiM 1 2 of the user k (step 

SI 63). 

[0245] In the case where the program corresponding 
to the distribution request is a program permitted to write 
in the UIM 12 the authentication server 18 sends the 
UIM public key to the secure communication control unit 
62 (step S 164). 

[0246] The secure communication control unit 62 re- 
ceives this DIM public key, and upon determination thai 
the key is legitimate, encrypts the program to be distrib- 
uted, using the UIM public key. and thus generates 3 
program with certif icate. 

[0247] When Hie i;ser performs the operation at the 
mobile terminal 11 -o permits the program distribution 
the secure comroun cation control unit 62 of the distri- 
bution management server 16A sends a program with 
certificate to the UIV 12 of the mobile terminal 11 (step 
SI 65). 

[0248) The UIM 12 has stored therein a UIM private 
key paired with the UIM public key, and using this UIM 
private key decrypts the program. The same program 
is written in the basic block 40-X. 
[0249] The subsequent operation is similar to the cor - 
responding operation shown in Rg, 25. In Fig. 26, steps 
SI 66 to S171 correspond to stops S148 to SI 53 in Fig. 
,25:, 

[2 3 1 3j Registration in UIM basic, block (in the case 
where the distribution management server holds the 
program proper, an c the secure communication control 
unit holds the UiM public key) 

[0250] H may happen that when the mobile terminal 
11 sends a distributer request to the distribution man- 
agement server 16 A. the secure communication control 
unit 62 of the distribution management server 16A holds 
the UIM public key of I he UiM 12 to which the program 
is to be distributed Such a phenomenon may occur, for 
example, In the case where programs are distributed to 
the same UIM 12 within a short time. Fig. 27 shows an 
example of the operation performed in such a case. In 
this operation example, when a program proper corre- 
sponding to the distribution request is found, the pro- 
gram is encrypted using the UIM public key he id In the 
secure communication control unit 62 and written in the 
UIM 12. The operation shown in Fig. 27 is similar to the 
operation shown in Fig. 26, except that the operation 
corresponding to steps 31 S3 and S 164 for acquiring the 
UIM public key from the authentication server 1 8 is lack- 
ing. Steps SIS' , Si 82, SI 83 to SI 89 m Fig. 27 corre- 
spond to steps SI 61 . Si 62, S165 to S1 71, respectively, 
in Fig. 26. 

[2.3. -.4] Registration in UIV. free basic block 

(0251] The user, oy operating the mobile terminal 11 , 
can register a program in the free basic block 40-F1 of 

the UIM 12. This operation is shown in Fig. 28. 



[0252] In the case where a program is registered In 
the free basic block 40- F1 of the UiM 12. the user oper- 
ates the mobile terminal 11 so that the desired contents 
server 1 9X is accessed and a request for distributing the 

s desired program is sent to It (step S1 91 ), 

[0253] The contents server 1 9X that has received * his 
distribution request distributes the requested program 
to the secure communication control unit 82 of the dis- 
tribution management server 16A (step S192). 

w [0254] The user performs the operation to permit the 
distribution to the free basic block 40-F1 . and the infor- 
mation indicating the particular opera-ion is sent from 
ihe mobile terminal 11 to the distribution management 
server 16A. Then, the secure communication control 

15 unit 62 distributes the program to the UIM 12 of the mo- 
bile terminal 1 1 (step S1 93). This program may be sent 
in encrypted form or without encryption. The UIM 12 
writes this program in tne free basic bloci< 40-F1 
[0255] The UiM 12, at the end of the program wile 

20 operation, transmits a writs end notice to the distribution 
management server 16 (step 31 8-*). 
[0256] The user information storage unit 5 1 oftheciis- 
tribution management server 16 receives the write end 
notice from the UiM 12 ot the user k, and updates ihe 

2S information including the number of distribution ses- 
sions stored in the area of the user Individual information 
storage unit 53-k corresponding to the free basic biock 
40-F1 (step S19S), 

[0257] Once this update operation is completed, ihe 

so user information storage unit51 sends to the UiM 12 an 
activation instruction for the program written in the free 
basic biock 40- F1 (step S1 96-. 
[0258] The UIM 12, uicompliancawiihthis instruction, 
completes the program activation, and transmits to the 

35 user information storage unit 51 of the distribution man- 
agement server 16 an activation response notice indi- 
cating that the activation of the program in the free basic 
block 40-F1 is completed (step S197). 
[0259] The user information storage unit 61 , upon re- 

J o cetpt of the activation response notice from the UiM *2 
of the user k, registers the information that the activation 
is complete , i n th e area of the in dividual user information 
storage unit 53-k corresponding to the free basic block 
40- M . The user information storage unit 51 notifies, in 

45 the form of program list, the mobile terminal 1 1 that tne 
registration is complete, thereby terminating -he proc- 
ess (Step SI 98). 

[2.3.1.5] Program deletion from user information 
so storage unit 

[0280] Now. the process for deleting the program reg- 
istered in the user information storage unit 51 will be 
explained with reference to Fig. 29. 
s>5 [0261] The user, by performing a predetermined op- 
eration, can display the registration program list re- 
ceived from the distribution management server 1 6A, on 
the display unit 21 . Under this condition, the user spec- 
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tfies the desired program and instructs to delete the pro- 
gram in the distribution management server 1 6A A pro- 
gram registration cfelete request containing the informa- 
tion tor specifying mux is to be deleted is sent So the 
user information storage unit 51 of the distribution man- 
agement server 13A (step S201). 
[0282] in the ess e where the program to be deleted is 
already deleted from any one of the basic blocks 40-1 
to 40-7 o? the UIM 12. the user information storage unit 
5^ sends a cancel request indicating the desire of the 
user to cancel the utilisation of the program, to the con- 
tents server 1 9 frorp which the particular program is dis- 
tributed (step S202; in the case where a program to be 
deleted remains undeleted in any one of the basic 
blocks 40-1 to 4G-? of the UiM 12, on ins other hand, 
ths process for deletion of the program from the basic 
blocks 40-1 to 40-7. described later is carried out at the 
same time under she guidance of the distribution man- 
agement server 1 f,A 

[0263] The contents server 19, upon receipt of the 
cancel request, sends a cancel permission notice to the 
user information storage unit 61 of me distribution man- 
agement server ISA (step S203). 
[0284] The user Information storage unit 51 , upon re- 
csipt of tee cancel permission notice, deletes the infor- 
mation on the program of which the deletion is request- 
ed in step S201 . and sends the registered program list 
after deletion to the mobile terminal ii (step S204) 

[2 3 16] Program deletion from UIM basic block 

[0255] Now the process for deleting a program from 
the basic Dlocks 40-1 to 40-7 of the UIM 12 will be ex- 
plained with reference to Fig. 30. 
[0286] The user, by performing a predetermined op- 
era-ion, can display on the display unit 21 the registered 
program list transmuted already to the mobile terminal 
1 1 . Under this condition, assume that the user specifies 
the desired program and gives an instruction to delete 
it. One of the base blocks 40-1 to 40-7 of the UIM 12 
where the program to be deleted is stored is determined, 
and a deletion request containing the information spec- 
ifying the particular basic block is transmitted from the 
mobile terminal 11 to the user information storage unit 
5" of the distribution management, server 16A (step 
S211). 

[G2S7] The user information storage unit 51 , upon re- 
ceipt of the deletion request, sends a deletion permis- 
sion notice to the U!M 12 (step S212). 
[0268] The UIM 12. upon receipt of the deletion per- 
mission notice, deletes the program specified by the us- 
er in step S21 1 from the basic block, and sends a dele- 
tion end notice to >h§ user information storage unit 51 
(step S2T3), 

[0289] As a result, the user information storage unit 
51 deletes the information on the corresponding pro- 
gram under the control of the transmission control unit 
61 , and gives a delation notice to the contents server 1 9 



(Step S214). 

[0270] Also, the user information storage unit 51 no- 
tifies the rnobiie terminal 11 that the deletion is complete 
m the form of a program list, thereby ending the process. 

5 

[2.3.1. 6.1 1 The case in which the program deletion from 
basic block is carried out at the same time under the 
guidance of distribution management server. 

[0271] As described above, if the process for deleting 
a program from the basic blocks 40-1 to 40-7 is earned 
out at the same time as the deletion of the program from 
the user information storage unit 5 under the guidance 
of the distribution management server, the user in'or- 
'5 mation storage unit 51 of the distribution management 
server sends a deletion instruction to the UIM by spec- 
ifying the program cf which deletion is requested. ;n 
place of the process of steps S2H and S212 described 
above, 

20 

[2.3 1 .7} The case in which use of user information 
storage unit is prohibited, 

[0272] According to this embodiment, a deactivation 

5S process for the user information storage unit can bo ex- 
ecuted for preventing the user from using the user infor- 
mation storage unit 51 . This deactivation process for the 
user information storage unit is carried out. for example, 
in the case where the distribution management server 

Jo 1 6A slops the service temporarily, or the service of the 
distribution management server 16A to the user is tem- 
porarily suspended at the request of the contents pro- 
vider holding the contents server 19. Once this deacti- 
vation process for the user information storage unit is 

3S carried out, the distribution of tne programs registered 
in the user information storage unit 51 to the UIM '-2 is 
prohibited and so is the deletion of the programs regis- 
tered in the UIM 12, 

[0273] Now, with reference to Fig. 31 . the deactivation 
■*o process for the user information storage unit will be ex- 
plained. The following description concerns the case in 
which the contents server 1 9 requests the deactivation 
process for the user information storage unit. 
[0274] First, the contents server 19 sends a user -n- 
formation storage unit deactivation request to the user 
information storage unit 51 of the distribution manage- 
ment server 1 6 A (step S22 1 j . 

[0275] The user information storage unit 51 , upon re- 
ceipt of the user information storage unit deactivation 

50 request. Is prohibited from use (deactivated state), and 
sends a user information storage unit deactivation per- 
mission notice to the contents server 1& [step S222}. 
[0276] Then, the user information storage unit 51 
sends to the mobile term in ai 11 a user information s-cr - 

55 age unit deactivation notice to the effect thai the use of 
the user information storage unit 52 has been prohibited 
(step S223). 

[0277] As a result, the user of the mobile terminal 11 



41 



EP1 24S18SA1 



42 



can confirm thai 1 he use of the user information storage 
Ljr.it 51 has been prohibited 

[2-3.1 ,7,1] Ths esse In which the.- user information 
storage unit is deactivated by distribution management 
server 

[0278] in the case where the user information storage 
unit is deactivated by the distribution management serv- 
er 16A by itself, the user information storage unit 51 is 
prohibited from use {dsxKwatcd*- and s<wk» a user in- 
formation storage unit deactivation notice io the mobile 
terminal 11 indicating thai the use of the user information 
storage unit 51 is prohibited (step S223) 

[2 3 1 8] The case ;n which the use of the program 
stores in UIM basic block ts prohibited 

[0279] Now. the process for deactivation of basic 
block for pionibiting the use of a program stored in the 
basic blocks 40-1 to 40-7 or the free basic block 40-F1 
of the UIM 1 2 will be- explained with reference to Fig. 32. 
[02SG3 This process is earned ou- in the case where 
the mobile terminal 11 is stolen or the customs provide* 
requests the user to prohibit the use thereof. Orce this 
process is carried out. the user is prohibited from using 
the programs stored m the basic blocks (including the 
free basic block) involved The description that follows 
deals with ;he case n which the user service server 65 
in charge of user services, taking an appropriate meas- 
ure such as when -he mobile terminal 11 is stolen, re- 
quests the process, for deactivating the basic blocks 
based on the report from the user. 
[0281] Fig. 32 snows a sequence of the deactivation 
process for the basic blocks. 

[0282] First, the user service server 65 sends a basic 
block deactivation request to the user information stor- 
age unit 51 of the distribution management server 16A 
(step S231), 

[0283J The user information storage unit 51 , upon re- 
ceipt of the basic block deactivation request, sends a 
deactivation instruction to the UIM 12 (step S232) 
[0284] As a result, the UIM 12 deactivates the basic 
blocks meeting the basic block deactivation request, 
and gives a basic block deactivation response indicating 
that the use of the basic blocks has been prohibited 
(step S233). 

[0385} Then, the user information storage unit 51 
gives a basic biock deactivation end notice to the user 
service server 65 indicating that the use of the basic 
blocks- of the UIM " £ has been prohibited (step S234). 
[0266] Further, ifco user information storage unit 51 
gives a user information storage unit list to the mobile 
terminal 11 Indkrafng that the use of tho basic blocks 
(which may include- the tree basic block) is prohibited, 
thereby ending ths process (step S235). 



[2.4] Effects of second embodiment 

[02871 As described above, according to the secono 
embodiment, programs can be distributed beyond the 
s limit of the number of the storage areas of the storage 
module (DIM], and the operating convenience on the 
part of the user is improved. 

[028B] Also, the Distribution management server can 
easily manage the activation/ deactivation of the pro- 
10 gram distributed, and the distribution and the activation.' 
deactivation of the program ready for distribution. 



[3] Modifications of embodiments 

rs [3. 1 j First modification 

[0289] The foregoing description deals with the case- 
in which a single distribution management server is in- 
volved. Nevertheless, a plurality of distribution manage- 
20 rrientserverscanbeprovidedfordistributedproce&sing. 
[0290] in such a case, the programs stored in eacn 
UIM and ths information on the storage area of each 
program can be stored in a common database. 

55 [3 2| Second modification 

[0291] Apart from the foregoing description, dealing 
with the case in which the distribution management 
server is connected dirc5ctly to a line switching ne'work. 
so the distribution management server can be connected 
to the line switching network through an internet making 
up a packet switching network and an internet gateway. 

[3.3] Third modification 

35 

[0292] Although only !he UIM is described above as 
a storage module, tne invention is also applicable to var- 
ious IC card memories with equal effect. In this case, 
the storage module can be arranged at a fixed terminal 
*o a& well as at a mobile terminal 



45 1. A program distribution system comprising: 

at least a mobile terminal having means for 
transmitting a program distribution request; 
a storage module built in or connected to said 
so mobile terminal; 

a contents server for receiving said distribution 
request and transmitting a program to be dis- 
tributed; and 

a distribution management server for receiving 
55 said program from said contents server and 

only in a case where said contents server is an 
authorized contents server, transmitting said 
program received from said contents server to 
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said storage module b:ji:t in or connected to 
said mob;is terminal; 

charactered in that said storage module in- 
cludes 5 

a storage unit, and 

a contrcSunit for storing in said storage unit said 
program reived from said distribution man- 
agement server through said mobile terminal jo 
and. in compliance with a request executing 
said program stored in said storage unit, 

2. A program distribution system as set forth in claim 

1 . further composing sn authentication server for '5 
storing a first encryption key unique to said storage 
module, 

charactered In that said control unit of said 
siorage module decrypts Said program encrypted 
by said first encryption key and. only in a case 20 
where decryption is successful, said program ob- 
tained by decryption is stored in said storage unit. 

said cc-n-e-its server, upon receipt of said dis- 
t'ibufion request, acquires said first encryption key 
from said aiilharKication server and, using said firs! 35 
encryption key encrypts said program to be distrib- 
uted, said cedents server further encrypting said 
program using a second encryption key obtained m 
advance and transmitting jt to said distribution man- 
agement serve?, and 30 

s a i d d ist rit-i.: i i 0 n m a n ag erne nt s erve r d e cry pt s 
said encrypted program received from said con- 
tents server, using said second encryption key. gen- 
erates a progr&m encrypted only by said first en- 
cryption key ana. only in a case where said decryp- 35 
ton is successful, transmits said program obtained 
by said decryption to sa>3 storage maduie. 

3. A program diet; ibufion system as set forth in claim 

1, characterized in that said storage module •/£> 
stores a program and data used by said program. 

4. A program distribution system as set forth in claim 
i , characterizes in that said distribution manage- 
ment server induces a charge processing unit for 4S 
starling a charge process at a time of distributing 

a? program Ec sz-.d siorage module. 

5. A program distribution system as set forth in claim 

4, characterised in thai said charge processing so 
unit charges for rental of said storage module 

6. A program distdsution system as set forth in claim 
1 characterized in that said distribution manage- 
ment server includes a charge processing unit for 55 
starting said charge process at a time of holding a 
program for sale siorage modulo. 



7. A program distribution system as set forth in claim 
6. characterized in that said charge processing 
unit charges for rental of said storage moduis 

8. A program distribution system as set forth in claim 
1 , characterised in that said distribution manage- 
ment server transmits an activation ins* ruction to 
said storage module at the request of anoiher de- 
vice, and 

said storage module upon receipt of said ac- 
tivation instruction, is ready to execute said pro- 
gram stored in said storage module and designated 
by said activation instruction. 

9. A program distribution system as set forth in claim 
1 , characterized in that said distribution manage- 
ment server transmits a deactivation instruction to 
said storage module at a request of another device, 
and 

said storage module, upon receipt of said da- 
activation instruction, is ready to execute said pro- 
gram stored in said storage module and designated 
by said activation instruction, 

10. A program distribution system as set fortn in cialm 
1 , characterised in that said distribution manage- 
ment server transmits a deletion instruction to said 
storage module at said request of another device, 
and 

said storage modula. upon receipt of said de- 
letion instruction deletes the program designated 
by said deletion instruction from said storage mod- 
uis. 

11. A program distribution system as set forth in claim 
1 . characterized in that said distribution manage- 
ment server includes means for managing a state 
of said program in said storage module based on 
information sent to said storage module. 

12. A program distribution system as set forth in claim 
1 , characterized in thai said distribution manage- 
ment server acquires version information for said 
storage module and determines whether said pro- 
gram is to be distributed or not, based on said ver- 
sion, information.. 

13. A program distribution system as set forth in claim 
1 , characterized in that said mobiie terminal in- 
cludes a first communication unit for communica- 
tion utilizing a mobile communication network, er.d 
a second communication unit different from ss ; d 
first communication unit, and 

said control unit of said storage module l;v 
ciudes means for communication utilizing said ssc- 
ord communication unit in accordance' with sad 
program stored in said storage module. 
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14. A program distribution system comprising' 

a mobile terminal having means for transmitting 
a program distribution request, 
a storage module built in or connected to said 
mobile terminal and 

a communication management server for re- 
ceiving saia distribution request, and in a ease 
where a program to be distributed is provided 
by an "authorized contents server: acquiring 
said program and transmitting it to said storage 
module buiit in or connected io said mobile ter- 
ming;'; characterized in that said storage mod- 
ule includes 
a storage unit, and 

a control un:i for receiving information through 
saia mobile terminal, storing in said storage unit 
said information only in a case wnere said in- 
formation is a program received from said dis- 
tribution management server, and executing 
said program stored in said storage unit, in 
compliance with a request- 

15. A program distribution system as sot forth in claim 
14. characterized in that said distribution manage- 
ment server includes a real distribution information 
storage unit for storing pointer data for specifying a 
program sent to said storage module 



16. A program distribution system as set forth in claim 

15. characterized in that said storage unit ot said 
storage moduie includes a plurality of basic blocks 
for storing programs, and said real distnbu'ion in- 
formation storage unit of said distribution manage- 
ment server includes a plurality of areas corre- 
sponding to a plurality of said basic blocks. 

17. A program distribution system as set forth in claim 

16, characterized ir, that said distribution manage- 
ment server includes a virtual distribution informa- 
tion storage unit for storing sad pointer data for 
specifying a program capable of being distributed 
to said storage module but not currently stored In 
said storage module, and upon receipt of request 
of distribution, to said storage module, of a program 
specified by said pointer data stored in said virtual 
distribution informal ion storage unit, said program 
is distributed to said storage module and, said point- 
er data for specifying said program is moved from 
said virtual information distribution storage unit So 
saic reai distribution information storage unit. 

18. A program distribution system as set forth in claim 
16. characterized in that said distribution manage- 
ment server includes a program information storage 
unit for storing selected one of address information 
indicating a location of a program capable of being 
acquired from said contents serve-- and a program 



acquired from said contents server and, upon re- 
ceipt of a request for distribution, to said storage 
module, of a program specified by said pointer ti&ta 
stored in selected one of said real distribution infer- 
s malion storage unit and said virtual storage infor- 
mation storage unit, said program is acquired using 
said program information storage unit and is distrib- 
uted to said storage module. 

io 19, A program distribution system as set forth in claim 
1 7, characterized in that said mobile terminal in- 
cludes means for transmitting a menu list request, 
and 

said distribution management server, in corn- 
is pliance with said menu list request, accesses sa=d 
cornier data stored in said real distribution informa- 
tion storage unit and said virtual distribution infor- 
mation storage unit for said storage moduie bus it in 
or connected to said mobile terminal, generates a 
20 list of ptogvams specified by said pointer data, and 
transmitting said list to said mobile terminal. 

20. A program distribution system as set forth in claim 
14 characterized- in that. 

.?5 said mobile terminal includes a first commu- 

nication unit for communication utilizing a mobile 
communication network, and a second communica- 
tion unit different from said first communication unit: 
and 

30 said control unit of said storage moduie in- 

cludes means for communication utilizing said sec- 
ond communication unit in accordance with a pro- 
gram stored in said storage moduie. 

35 21. A distribution management server characterized 
by comprising: 

means for receiving from a contents server a 
program encrypted by a first encryption key 
40 unique to a destination of distribution and a sec- 

ond encryption key unique to said contents 
server permitted to distribute said program: and 
means for decrypting said program received 
from said contents server to a state encrypted 
45 by said second encryption key thereby to gen- 

erate a program encrypted by only said first en- 
cryption key. said program being distributed to 
said storage module built in or connected to a 
mobile terminal. 

22. A distribution management server characterized 

by comprising: 

a program information storage unit for storing 
selected one of a program acquired in advance 
from an authorized contents server and ad- 
dress information thereof; 
a reai distribution information storage unit for 
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storing points data indicating a stored position, 
in said program information storage unit, of a 
program vvhicfi is said program stored in a stor- 
age module buiU in or connected to a mobile 
terminal, or in a case where address informa- 
tion of said program is stored in said program 
information storage unit, a selected one of said 
program and said address information (hereof: 
a virtual distribution information storage unit for 
storing pointer date indicating said stored posi- 
tion of a program in said program information 
storage ursit, in a case where a program which 
is said program distributable to said storage 
module but not currently stored in said storage 
module, or address information thereof is 
stored In said program information storage unit, 
and 

means for acquiring a program specified by 
said pointai data stored in said virtual distribu- 
tion information storage unit, utilizing said pro- 
gram information storage unit in accordance 
with a request from said mobile terminal, and 
distributing said program to said storage mod- 
ulo, and moving said pointer data to said real 
distribution informal ion storage unit, 

23. A contents server comprising 

means for acquiring an encryption key unique 
to a storage module from an external authenti- 
cation server upon receipt of a program distri- 
bution request from a mobile terminal butt in or 
connected to said storage modulo 
first encryption means for encrypting a program 
to be distributed, by said first encryplion key; 
second encryplion means for encrypting a pro- 
gram obtained by said t:rst encryplion means, 
in such a manner as to be decrypted by the dis- 
tribution management server for distribution to 
said storage module; and 
means for transmitting said program encrypted 
by said firs- and second encryption means to 
said distribution management server. 

24. A storage module built In or connected to a mobile 
terminal, comprising: 

a storage unit; and 

a control unit for receiving an encrypted pro- 
gram from a specific distribution management 
serverthrough said mobile terminal, decrypting 
said program by a private key stored in ad- 
vance, storing said program in said storage unit 
only in a case where said decryption succeeds 
and : in response to a request, executing said 
program stored in said storage unit 

25. A storage module as set forth in claim 24, charac- 



terized in that said storage unit includes a plurality 
of storage biocks for executing a program, and a 
storage area for storing an activation flag indicating 
whether a program stored in each storage block can 

5 be executed or net. and 

said control unit writes said activation flag m 
accordance with an instruction received from a dis- 
tribution management server through said mobile 
terminal, and in a case where an instruction is given 

>o to execute a program stored in any one of basic 
blocks through said mobile terminal, said control 
unit determines whether said execution instruction 
is to be followed or not based on an activation flag 
corresponding to one of said basic blocks. 

2S. A program distribution method characterized by 

comprising: 

a step of a mobile terminal transmitting a pro- 
20 gram distribution request to a contents server. 

said storage module being built in or connected 

to said mobile terminal; 

a step of said contents sewer receiving said 

distribution request and transmitting a program 
25 to be distributed, lo a distribution management 

server; and 

a step of transmitting said program to said stor- 
age moduiebuiit in or connected to said mobile 
terminal to which said distribution request is 
30 transmitted, in acase where said contents serv- 

er transmitting said program is an authorised 
contents server. 

27. A program distribution method comprising: 

a step of a mobile terminal transmitting a pro- 
gram distribution request to a contents server, 
said storage module being built in or connected 
to said mobile terminal;: 

40 a step of said contents server receiving said 

distribution request and acquiring a first en- 
cryption key unique to said storage moauie 
from an authentication server; 
a step of said contents server encrypting a pro- 

45 gram to be distributed, by said first encryption 

key; 

a step of said contents server encrypting a pro- 
gram encrypted by said first encryption key, by 
a second encryption key acquired in advance, 

50 a step of said contents server transmitting a 

program encrypted by said first encryption key 
and said second encryption key, to a distribu- 
tion management server; 
a step of said distribution management server 

5° decrypting said program transmitted from said 

contents server, to a stale before said second 
encryption, and generating a program encrypt- 
ed only by said first encryption key: and 
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a step of said distribution rnanagemeni server 
transmitting a program encrypted only by said 
first encryption key. to said storage module built 
in or connected to a mobile terminal tc which 
saics distribution request is transmitted. 

28. A program distribution method comprising: 

a step of a mobile terminal transmitting a pro- 
gram distnbJtion request to a distribution man- 
agement server, a storage module being built 
in or connected to said mobile terminai; 
a step of said distribution management server 
receiving said distribution request, and deter- 
mining whether a program to be distributed is 
a program provided by an authorized contents 
server or not: and 

acquiring sa;d program and transmitting ii to s 
storage module built in or connected to said 
mobile terminal in a case where said program 
to be distributed is provided by an authorized 
contents server. 

29. A program distribution method as set forth in claim 
28; comprising: "•" > 

a step of sad distribution management server 
storing a program or address information there- 
of in storags means in plsce of said storage 
module: and 30 
a step oi sa:d distribution management server, 
upon receipt of a program distribution request 
from said mobile terminal, acquiring a request- 
ed program using said storage means and dis- 
tribuling it to said storage module 35 

30. A program for causing a computer of a distribution 
management server to execute: 

a process for receiving from said contents serv- -»o 
er a program which has been encrypted by a 
first encryption key unique lo a distribution des- 
tination aid a second encryption key unique to 
a contents server authorized to distribute a pro- 
gram; and 45 
a process far decrypting a prog i am received 
from said contents server and thereby restoring 
said program to a slate before the encryption 
by said second encryption Key. thereby gener- 
ating a prog- am encrypted only by said first en- M 
crypiion key and distributing said program to a 
storage module built m or connected to a mobile 
terminal. 

31. A program for causing a computer of a distribution 55 
management server to execute: 

a step of receiving a program distribution re- 



quest from a mobile terminal with * storage 
module built therein or connected thereto 
a step of determining whether a program tc c-e 
distributed is provided by an authorized con- 
tents server; and 

a step of acquiring said program to be distrib- 
uted and transmitting it to a storage module 
built in or connected to said mobile terminai in 
a case where said program is provided by an 
authorized contents server 

32. A program distribution method as set forth in claim 
30. characterized by comprising: 

a step of storing a program or the address In- 
formation thereof in storage means in place of 
said storage module; and 
a step of acquiring a requested program using 
said storage means and distributing said pro- 
gram to said storage module, upon receipt of a 
program distribution request from said mobile 
terminal 



33, A program for causinc 
server to execute: 



a computer of a contents 



a process for acquiring, upon receipt of a pro- 
gram distribution request from a mobile termi- 
nal with a storage moduie buiit therein or con- 
nected thereto, an encryption key unique to 
said storage module from an externa! authen- 
tication ■server; 

the first encryption process for encrypting a 
program to be distributed, by said first encryp- 
tion key; 

the second encryption process for encrypting a 
crogram obtained by said first encryption proc- 
ess, in such a manner as to be decrypted by a 
distribution management server for distributing 
a program to said storage module; and 
the process for transmitting a program encrypt- 
ed by said first and second encryption process- 
es to said distribution management server 

34. A program tor causing the control unit of a storage 
module buiit in or connected to a mobile terminal to 



a process ior receiving an encrypted program 
from a specified distribution management serv- 
er through a mobile terminal; 
a process for decrypting the received program 
by a private key stored in advance, and only in 
a case wnere said decryption is successful, 
storing said program in a storage unit; and 
a process for executing the program stored m 
said storage unit, as required 
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SS. A program tor causing a computer of a attribution 

management server to execute. 

a process for receiving from a contents server 
authorized to distribute a program, s program 
encrypted by a first encryption key unique to a 
distributee and a second encrypiion key unique 
to said cedents server; and 
a process for decrypting said program received 
from said contents server, and restoring said 
program to a state before said encryption by 
said second encryption key, thereby generating 
a program encrypted oniy by said first encryp- 
tion key. and distributing said program to a stor- 
age module built in or connected to a mobile 
t&rminai. 

3S. A program for causing a computer of a distribution 
management server to execute: 

a step of 'cceiving a program distribution re- 
quest from a rnobiie terminal with a storage 
module bail- therein or connected thereto; 
a stop of determining whether a program to be 
distributed =s provided by an authorized con- 
tents server or not; and 
a step cf acquiring and transmitting a program 
to be distributed, to a storage module built in or 
connected to said rnobiie terminal in the case 
where sales orogram ts provided by an author- 
ized contents server. 



distribution management server for distribute 
a program to said storage module; and 
a process for transmitting to said distribution 
management server said program encrypted 
by said first and said second encryption proc- 
esses. 

39. A program for causing said control unit of a storage 
module built in or connected to a mobile termini to 
execute: 

a process for receiving an encrypted program 
from a specified distribution management serv- 
er through said mobile terminal; 
a process for decrypting said received program 
by a private key stored, and storing said pro- 
gram in a storage unit only in a case where said 
decryption is successful; and 
a process for executing said program stored sn 
said storage unit, as required. 



37. A program distribution method as set forth in claim 
36, characterized by comprising- 

35 

a step of s.ionng & program or the address in- 
formation thereof in storage means in place cf 
said storage module; and 
acquiring, upon receipt of a program distribu- 
tion request from said mobile terminal, the re- -*o 
quested program utilizing said storage means 
and distributing said program to said storage 
module. 

38. A program for causing a computer of a contents *s 
server to execute: 



a process for acquiring an encryption key 
unsque to a storage module built in or connect- 
ed to a nob:ie terminal from an external authen- so 
tksation server, upon receipt of a program dis- 
tribution recucst from said rnobiie terminal; 
a first encryption process for encrypting a pro- 
gram to be distributed, by said first encryption 
key: ss 
a second encryption key for encrypting said 
program obtained by said first encryption proc- 
ess, in such a manner as to be decrypted by a 
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